84 matches found
CVE-2026-44241
Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. From 4.3.0 to before 4.10.22, TimeConverterRegistrar caches DateTimeFormatter instances in an unbounded ConcurrentHashMap whose key is derived from the @Format annotation...
GHSA-5FGG-JCPF-8JJW i18next-http-middleware: Prototype pollution and path traversal via user-controlled language and namespace parameters
Summary Versions of i18next-http-middleware prior to 3.9.3 pass user-controlled lng and ns parameters to two internal paths that use them in ways that enable prototype pollution and, depending on the configured backend, path traversal or SSRF. The vulnerable entry points are unauthenticated HTTP...
Exploit for CVE-2025-49132
CVE-2025-49132: Pterodactyl Panel Unauthenticated RCE via PHP...
EUVD-2021-20570
Malware in sbrugna...
firefox security update
128.14.0-2.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079789 128.14.0 - Add debranding patches Mustafa Gezen - Add OpenELA default preferences Louis Abel 128.14.0-2 - Add missing translations 128.14.0-1 - Update to 128.14.0 build1...
Pterodactyl Panel code injection vulnerability
Pterodactyl Panel is a free open source game server administration panel from Pterodactyl Open Source. A code injection vulnerability exists in Pterodactyl Panel versions prior to 1.11.11, which stems from the /locales/locale.json endpoint that does not validate the locale and namespace parameter...
Arbitrary Code Injection
Overview pterodactyl/panel is a game management panel. Affected versions of this package are vulnerable to Arbitrary Code Injection via the /locales/locale.json endpoint when processing the locale and namespace query parameters. An attacker can execute arbitrary code on the server by sending...
SUSE CVE-2024-7631
A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used unsafely to construct a filepath in pkg/plugins/handlers.go (L112). Because of this unsafe filepath construction, an...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the /locales/resources.json endpoint. An attacker can access any files with the .json extension on the console's pod. Details A Directory Traversal attack also known as path traversal aims to access files and...
GHSA-J3F9-P6HM-5W6Q Carbon has an arbitrary file include via unvalidated input passed to Carbon::setLocale
Impact Applications passing unsanitized user input to Carbon::setLocale are at risk of arbitrary file include. If the application allows users to upload files with a .php extension in a folder that allows include or require to read it, then they are at risk of arbitrary code being run on their servers...
Carbon has an arbitrary file include via unvalidated input passed to Carbon::setLocale
Impact Applications passing unsanitized user input to Carbon::setLocale are at risk of arbitrary file include. If the application allows users to upload files with a .php extension in a folder that allows include or require to read it, then they are at risk of arbitrary code being run on their servers...
PT-2024-17659 · WordPress · Store Locator For Wordpress With Google Maps – Lotsoflocales
Name of the Vulnerable Software and Affected Versions: The Store Locator for WordPress with Google Maps – LotsOfLocales plugin for WordPress version 3.98.9 Description: The issue is a Local File Inclusion vulnerability that allows unauthenticated attackers to include and execute arbitrary files o...
Malicious code in @next-translate-root/locales (npm)
MAL-2024-2632 Malicious code in @next-translate-root/locales (npm)
MAL-2024-2394 Malicious code in front-locales (npm)
False positive caused by problematic ingestion.
GHSA-WFV7-5X33-V22H Code injection in the way Symfony implements translation caching in FrameworkBundle
When investigating issue 11093, Jeremy Derussé found a serious code injection issue in the way Symfony implements translation caching in FrameworkBundle. - Your Symfony application is vulnerable if you meet the following conditions: - You are using the Symfony translation system from...
Exploit for Code Injection in Vmware Spring_Cloud_Function
CVE-2022-22963 In versions 3.1.6, 3.2.2 and earlier...
Malicious code in @airslate/front-locales (npm)
Source: ghsa-malware e41b723776c055272b1cc4c219aba6cfae1a13b0ff87d90e8f0667b79d626e00 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-47446
Cross-Site Request Forgery (CSRF) vulnerability in Viadat Creations Store Locator for WordPress with Google Maps – LotsOfLocales plugin <= 3.98.7 versions...
WordPress plugin Store Locator for WordPress with Google Maps – LotsOfLocales cross-site request forgery vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. Cross-site request forgery vulnerability exists in WordPress Store Locator for WordPress with Google Maps - LotsOfLocales plugin version 3.98.7 an...