CVE-2026-48713 i18next-fs-backend: Prototype pollution via crafted missing-key string

Versions prior to 2.6.6 are vulnerable to prototype pollution via crafted missing-key strings when used to persist missing translation keys e.g. via i18next-http-middleware's missingKeyHandler exposed to untrusted input. Backend.writeFile splits each queued missing-key string on the configured...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the filesystem and filesystem-nio2 storage backends. Users of these storage backends could unintentionally expose local files to authenticated clients. Details A Directory Traversal attack also known as path...

S3Proxy 路径遍历漏洞

S3Proxy is an S3 API from the individual developer Andrew Gaul. A path traversal vulnerability exists in S3Proxy versions prior to 2.6.0, which stems from the fact that the filesystem and filesystem-nio2 storage backends may inadvertently expose local files to users...

PT-2025-5605 · Org.Gaul · 3Proxy

Name of the Vulnerable Software and Affected Versions: org.gaul S3Proxy versions prior to 2.6.0 Description: The issue affects users of the filesystem and filesystem-nio2 storage backends, potentially exposing local files to authenticated clients. This could lead to unauthorized access to sensiti...