23 matches found
CVE-2026-41692
CVE-2026-41692 affects i18nextify prior to 4.0.8. The library substitutes {{key}} tokens in src and href/src attributes with i18next.t() results, and its replaceInside handler only guards against a duplicated http:// origin, not the URL scheme. As a result, translated values like javascript:alert...
Security Bulletin: Multiple vulnerabilities found in IBM ApplinX.
Summary: IBM ApplinX has been updated in order to address multiple vulnerabilities: CVE-2026-27970, CVE-2026-29063, CVE-2025-68161, CVE-2026-27830, CVE-2024-31033, CVE-2026-33671, CVE-2026-33672, CVE-2026-32635, CVE-2025-66035, CVE-2025-66412, CVE-2026-22610, WS-2026-0003. Vulnerability Details...
CVE-2026-27970 Angular i18n vulnerable to Cross-Site Scripting (XSS)
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Versions prior to 21.2.0, 21.1.16, 20.3.17, and 19.2.19 have a cross-site scripting vulnerability in the Angular internationalization (i18n) pipeline. In ICU messages...
EUVD-2023-2326
Malicious code in bioql PyPI...
CVE-2024-4315
parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization. The sanitizepathfromendpoint function fails to properly sanitize Windows-style paths (backward slash, \), allowing attackers to perform directory traversal attacks on Windows systems...
CVE-2024-11025 SMA: SQL injection in Sunny Central UP
An authenticated attacker with low privileges may use a SQL injection vulnerability in the affected products' administration panel to gain read and write access to a specific log file of the device...
Malicious code in file-alb-um-zip-new-mp3-516808-dirt-femme-opjhu-pollak (npm)
Source: ghsa-malware (fb612c09cfa90c9282458b5dfe5160465641fc306d23577236667e4f8f285c04). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-37084
In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server API can use a crafted upload request to write an arbitrary file to any location on the file system, which could lead to compromising the server...
GHSA-M9R4-3FG7-PQM2 PrestaShop path traversal
Impact: In the back office, files can be compromised using path traversal by replaying the import file deletion query with a specified file path, using traversal path. Patches: 8.1.1. Found by: Aleksey Solovev (Positive Technologies). Workarounds: none. References: none...
Design/Logic Flaw
A vulnerability in the FTP service of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to read and write arbitrary files. This could lead to a full NAS compromise and would give remote execution capabilities to the attacker...
Claris FileMaker Pro Code Issue Vulnerability
Claris FileMaker Pro is a cross-platform relational database application from Claris USA. It integrates a database engine with a graphical user interface (GUI) and security features that allow users to modify the database, or tables, by dragging new elements onto layouts, screens. A security...
CVE-2020-28044
The CVE-2020-28044 entry applies to a PAX Point Of Sale device running ProlinOS up to 2.4.161.8859R. With physical access, an attacker can boot the device into management mode, enable the XCB service, and gain MAINAPP-privileged access to list, read, create, and overwrite files. The description d...
Just a GIF Image Could Have Hacked Your Android Phone Using WhatsApp
A picture is worth a thousand words, but a GIF is worth a thousand pictures. Today, the short looping clips, GIFs, are everywhere—on your social media, on your message boards, on your chats, helping users perfectly express their emotions, making people laugh, and reliving a highlight. But what if ...
The vulnerability of the console utility for downloading files with wget arises from insufficient input validation, allowing an attacker to compromise data integrity.
The vulnerability of the console utility for downloading files with wget relates to the lack of processing of the “\r\n” sequence in line continuation strings during the parsing of HTTP headers containing Set-Cookies. Exploiting this vulnerability allows a remote attacker to insert...
Path traversal
FusionSphere OpenStack V100R006C00SPC102NFV has a path traversal vulnerability. Due to insufficient path validation, an attacker with high privilege may exploit this vulnerability to overwrite some files, causing services to behave abnormally...
CVE-2014-3462
The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes"...
SunFTP 1.0 Build 9 Unauthorized File Access Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2428/info SunFTP is a freeware ftp server written by Rasmus J.P. Allenheim and associates for the Windows platform. SunFTP contains a vulnerability that may allow ftp users to compromise the server. Users may be able to...
OliveOffice Mobile Suite 2.0.3 iOS - File Include Vulnerability
Document Title: OliveOffice Mobile Suite 2.0.3 iOS - File Include Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1110. Release Date: 2013-10-12. Vulnerability Laboratory ID (VL-ID):...
Copy to WebDAV 1.1 iOS - Multiple Vulnerabilities
Title: Copy to WebDAV v1.1 iOS - Multiple Web Vulnerabilities. Date: 2013-08-08. References: http://www.vulnerability-lab.com/getcontent.php?id=1044. VL-ID: 1044. Common Vulnerability Scoring System: 8.9. Introduction:...
TA.CMS (TeachArabia) - 'lang' Traversal Local File Inclusion
source: https://www.securityfocus.com/bid/50773/info TA.CMS is prone to multiple local file-include and SQL-injection vulnerabilities. An attacker can exploit these issues to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, and view and...