CVE-2024-32466 Tolgee's API key scopes not checked when querying translation data
Tolgee is an open-source localization platform. For the /v2/projects/translations and /v2/projects/{projectId}/translations endpoints, translation data was returned even when the API key was missing the translation.view scope. However, it was impossible to fetch the data when the user was missing this scope. S...
CVE-2024-32466
Tolgee's CVE-2024-32466 affects the Tolgee localization platform. The vulnerability concerns the /v2/projects/translations and /v2/projects/{projectId}/translations endpoints, where translation data could be returned when the API key lacked the translation.view scope, potentially exposing data to...
April 2, 2024, update for Access 2016 (KB5002525)
April 2, 2024, update for Access 2016 (KB5002525). This article describes update 5002525 for Microsoft Access 2016 that was released on April 2, 2024. Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer (.msi)-based edition of Office 2016. It doesn't apply to th...
GHSA-39FP-MQMM-GXJ6 CodeIgniter4 DoS Vulnerability
Impact: A vulnerability was found in the Language class that allowed DoS attacks. This vulnerability can be exploited by an attacker to consume a large amount of memory on the server. Patches: Upgrade to v4.4.7 or later. See upgrading guide. Workarounds: Disabling Auto Routing prevents a known...
CodeIgniter4 DoS Vulnerability
Impact: A vulnerability was found in the Language class that allowed DoS attacks. This vulnerability can be exploited by an attacker to consume a large amount of memory on the server. Patches: Upgrade to v4.4.7 or later. See upgrading guide. Workarounds: Disabling Auto Routing prevents a known...
Fedora: Security Advisory for args4j (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 40 Update: args4j-2.33-26.fc40
args4j is a small Java class library that makes it easy to parse command line options/arguments in your CUI application. - It makes the command line parsing very easy by using annotations - You can generate the usage screen very easily - You can generate HTML/XML that lists all options for your...
CVE-2024-0774 Any-Capture Any Sound Recorder Registration memory corruption
A vulnerability was found in Any-Capture Any Sound Recorder 2.93. It has been declared as problematic. This vulnerability affects unknown code of the component Registration Handler. The manipulation of the argument User Name/Key Code leads to memory corruption. It is possible to launch the attack...
[SECURITY] Fedora 39 Update: golang-x-text-0.14.0-1.fc39
Text is a repository of text-related packages related to internationalization (i18n) and localization (l10n), such as character encodings, text transformations, and locale-specific text handling...
[SECURITY] Fedora 38 Update: golang-x-text-0.14.0-1.fc38
Text is a repository of text-related packages related to internationalization (i18n) and localization (l10n), such as character encodings, text transformations, and locale-specific text handling...
Fedora: Security Advisory for golang-x-text (FEDORA-2024-fd3545a844)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Backend Localization <= 2.1.10 - Settings Update via CSRF
Description: The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
CVE-2023-44471
Cross-Site Request Forgery (CSRF) vulnerability in Bernhard Kau Backend Localization plugin <= 2.1.10 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Bernhard Kau Backend Localization plugin <= 2.1.10 versions...
CVE-2023-44471 WordPress Backend Localization Plugin <= 2.1.10 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Bernhard Kau Backend Localization plugin <= 2.1.10 versions...
CVE-2023-44471
CVE-2023-44471 is a CSRF vulnerability in Bernhard Kau Backend Localization plugin for WordPress, affecting versions
WordPress Plugin kau-boys-backend-localization Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
PT-2023-29251 · Unknown · Bernhard Kau Backend Localization Plugin
Name of the Vulnerable Software and Affected Versions: Bernhard Kau Backend Localization plugin versions <= 2.1.10. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions ...