CVE-2026-32251 Tolgee has an XXE Injection in Translation Import

Tolgee is an open-source localization platform. Prior to 3.166.3, the XML parsers used for importing Android XML resources .xml and .resx files don't disable external entity processing. An authenticated user who can import translation files into a project can exploit this to read arbitrary files...

CVE-2026-32251 Tolgee has an XXE Injection in Translation Import

Tolgee is an open-source localization platform. Prior to 3.166.3, the XML parsers used for importing Android XML resources .xml and .resx files don't disable external entity processing. An authenticated user who can import translation files into a project can exploit this to read arbitrary files...

CVE-2026-32251

Tolgee is affected by CVE-2026-32251 before version 3.166.3. The XML parsers used for importing Android XML resources (.xml) and .resx files do not disable external entity processing, allowing an authenticated user who can import translation files to read arbitrary server files and perform server...

CVE-2026-32251 Tolgee has an XXE Injection in Translation Import

Tolgee is an open-source localization platform. Prior to 3.166.3, the XML parsers used for importing Android XML resources .xml and .resx files don't disable external entity processing. An authenticated user who can import translation files into a project can exploit this to read arbitrary files...

Directory Traversal

pimcore is vulnerable to directory traversal. It does not properly handle session for file import, exposing server path for translation import...

Pimcore 路径遍历漏洞

Pimcore is an open source Web content management platform for creating and managing Web applications from the Austrian company Pimcore. The platform integrates Web content management, e-commerce frameworks and product information management applications. pimcore versions prior to 10.3.2 contain a...