42 matches found
CVE-2025-67887
1C-Bitrix through 25.100.500 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. NOTE: this is disputed by the Supplier because this is intended behavior for the high-privilege...
CVE-2026-28223
Wagtail is an open source content management system built on Django. Prior to versions 6.3.8, 7.0.6, 7.2.3, and 7.3.1, a stored cross-site scripting XSS vulnerability exists on confirmation messages within the wagtail.contrib.simpletranslation module. A user with access to the Wagtail admin area...
CVE-2026-28223
Wagtail is an open source content management system built on Django. Prior to versions 6.3.8, 7.0.6, 7.2.3, and 7.3.1, a stored cross-site scripting XSS vulnerability exists on confirmation messages within the wagtail.contrib.simpletranslation module. A user with access to the Wagtail admin area...
Wagtail 跨站脚本漏洞
Wagtail is an open-source content management system CMS developed by Wagtail. Versions of Wagtail prior to 6.3.8, 7.0.6, 7.2.3, and 7.3.1 had a cross-site scripting vulnerability. This vulnerability stemmed from the confirmation messages in the Wagtail.contrib.simpletranslation module, which...
PT-2026-22988
Name of the Vulnerable Software and Affected Versions Wagtail versions prior to 6.3.8 Wagtail versions prior to 7.0.6 Wagtail versions prior to 7.2.3 Wagtail versions prior to 7.3.1 Description A stored cross-site scripting XSS issue exists within the wagtail.contrib.simple translation module. A...
CVE-2026-24935 An improper certificate validation vulnerability was found in a third-party NAT traversal module.
A third-party NAT traversal module fails to validate SSL/TLS certificates when connecting to the signaling server. While subsequent access to device services requires additional authentication, a Man-in-the-Middle MitM attacker can intercept or redirect the NAT tunnel establishment. This could...
CVE-2022-38512
The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing attackers to download a web content page's XLIFF translation file via crafted URL...
📄 C‑Bitrix 25.100.500 Translate Module Arbitrary File Upload
C‑Bitrix version 25.100.500 proof of concept exploit that demonstrates an arbitrary file upload vulnerability in the translate module. ============================================================================================================================================= | Title : C‑Bitrix...
EUVD-2007-5666
Malware in sbrugna...
EUVD-2007-5665
Malware in sbrugna...
EUVD-2022-2087
Malicious code in bioql PyPI...
EUVD-2022-41092
Malicious code in bioql PyPI...
GHSA-H9WW-WJG4-JVVG Liferay Portal and Liferay DXP Fails to Check Permissions in Translation Module
The Translation module before v2.0.58 from Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing attackers to download a web content page's XLIFF translation file via...
Liferay Portal and Liferay DXP Fails to Check Permissions in Translation Module
The Translation module before v2.0.58 from Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing attackers to download a web content page's XLIFF translation file via...
CVE-2022-38512
The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing attackers to download a web content page's XLIFF translation file via crafted URL...
CVE-2022-38512
The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing attackers to download a web content page's XLIFF translation file via crafted URL...
Design/Logic Flaw
The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing attackers to download a web content page's XLIFF translation file via crafted URL...
CVE-2022-38512
The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing attackers to download a web content page's XLIFF translation file via crafted URL...
CVE-2022-38512
The CVE-2022-38512 issue affects Liferay Portal v7.4.3.12–v7.4.3.36 and Liferay DXP 7.4 update 8–36, where the Translation module does not verify permissions when exporting a web content for translation. The underlying flaw allows an attacker to download a web content page’s XLIFF translation fil...
CVE-2022-38512
The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing attackers to download a web content page's XLIFF translation file via crafted URL...