Lucene search
K

13 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.9 views

CVE-2026-41885

i18next-locize-backend is a simple i18next backend for locize.com which can be used in Node.js, in the browser and for Deno. Prior to version 9.0.2, i18next-locize-backend interpolates lng, ns, projectId, and version directly into the configured loadPath / privatePath / addPath / updatePath /...

6.5CVSS5.4AI score0.00224EPSS
Exploits0References1
NVD
NVD
added 2026/05/08 4:16 p.m.18 views

CVE-2026-41885

i18next-locize-backend is a simple i18next backend for locize.com which can be used in Node.js, in the browser and for Deno. Prior to version 9.0.2, i18next-locize-backend interpolates lng, ns, projectId, and version directly into the configured loadPath / privatePath / addPath / updatePath /...

6.5CVSS0.00224EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/08 3:41 p.m.32 views

CVE-2026-41885 Path traversal / URL injection via unsanitised lng/ns/projectId/version in i18next-locize-backend

i18next-locize-backend is a simple i18next backend for locize.com which can be used in Node.js, in the browser and for Deno. Prior to version 9.0.2, i18next-locize-backend interpolates lng, ns, projectId, and version directly into the configured loadPath / privatePath / addPath / updatePath /...

6.5CVSS0.00224EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/08 3:41 p.m.7 views

CVE-2026-41885

i18next-locize-backend is a simple i18next backend for locize.com which can be used in Node.js, in the browser and for Deno. Prior to version 9.0.2, i18next-locize-backend interpolates lng, ns, projectId, and version directly into the configured loadPath / privatePath / addPath / updatePath /...

6.5CVSS5.7AI score0.00224EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/08 3:41 p.m.9 views

EUVD-2026-28795

i18next-locize-backend is a simple i18next backend for locize.com which can be used in Node.js, in the browser and for Deno. Prior to version 9.0.2, i18next-locize-backend interpolates lng, ns, projectId, and version directly into the configured loadPath / privatePath / addPath / updatePath /...

6.5CVSS5.7AI score0.00224EPSS
Exploits0References1
CVE
CVE
added 2026/05/08 3:41 p.m.16 views

CVE-2026-41885

CVE-2026-41885 affects i18next-locize-backend prior to version 9.0.2. The issue arises when the backend interpolates values (lng, ns, projectId, version) directly into URL templates (loadPath/privatePath/addPath/updatePath/getLanguagesPath) without encoding or validation, enabling user-controlled...

6.5CVSS5.7AI score0.00224EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.9 views

i18next-locize-backend 路径遍历漏洞

i18next-locize-backend is an open-source plugin for internationalization resource loading and key storage by locize. Versions of i18next-locize-backend prior to 9.0.2 had a path traversal vulnerability. This vulnerability arises from directly inserting lng, ns, projectId, and version into the URL...

6.5CVSS5.8AI score0.00224EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/22 8:28 p.m.5 views

Directory Traversal

Overview i18next-locize-backend is an i18next-locize-backend is a backend layer for i18next to use locize service which can be used in node.js, in the browser and for deno. Affected versions of this package are vulnerable to Directory Traversal via the lng, ns, projectId, or version parameters,...

6.9CVSS6.3AI score0.00224EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2026/04/22 8:28 p.m.7 views

@aedwards/ohif-viewer (>=5.0.1 <=5.0.14), @bitrefill/airfill-widget (>=3.6.0 <=4.1.7) +55 more potentially affected by CVE-2026-41885 via i18next-locize-backend (>=0.0.1 <=9.0.1)

i18next-locize-backend NPM version =0.0.1, =5.0.1, =3.6.0, =1.7.5, =1.0.5, =9.14.0, =1.0.0, =1.0.1, =0.8.1, =0.8.1, =1.0.0, =1.0.0, =0.0.11, =0.53.0-14, =0.53.3 and more Source cves: CVE-2026-41885 Source advisory: OSV:GHSA-MGCP-MFP8-3Q45...

6.5CVSS5.8AI score0.00224EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/22 8:28 p.m.9 views

locizer (>=5.0.0 <=5.0.1), locizify (>=9.0.0 <=9.0.9) +1 more potentially affected by CVE-2026-41885 via i18next-locize-backend (>=9.0.0 <=9.0.1)

i18next-locize-backend NPM version =9.0.0, =5.0.0, =9.0.0, =2.0.0, =2.0.6 Source cves: CVE-2026-41885 Source advisory: SNYK:JS-I18NEXTLOCIZEBACKEND-16415530...

6.5CVSS5.8AI score0.00224EPSS
Exploits0
OSV
OSV
added 2026/04/22 8:28 p.m.5 views

GHSA-MGCP-MFP8-3Q45 i18next-locize-backend has URL Injection via Unsanitized Path Parameters

Summary Versions of i18next-locize-backend prior to 9.0.2 interpolate lng, ns, projectId, and version directly into the configured loadPath / privatePath / addPath / updatePath / getLanguagesPath URL templates with no path-component validation and no encoding. When an application exposes any of...

6.5CVSS5.7AI score0.00224EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/04/22 8:28 p.m.10 views

i18next-locize-backend has URL Injection via Unsanitized Path Parameters

Summary Versions of i18next-locize-backend prior to 9.0.2 interpolate lng, ns, projectId, and version directly into the configured loadPath / privatePath / addPath / updatePath / getLanguagesPath URL templates with no path-component validation and no encoding. When an application exposes any of...

6.5CVSS5.7AI score0.00224EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.13 views

PT-2026-37155

Name of the Vulnerable Software and Affected Versions i18next-locize-backend versions prior to 9.0.2 Description The software interpolates lng, ns, projectId, and version directly into configured URL templates such as 'loadPath', 'privatePath', 'addPath', 'updatePath', and 'getLanguagesPath'...

6.5CVSS5.8AI score0.00224EPSS
Exploits0References6
Rows per page
Query Builder