5 matches found
CVE-2026-32251 Tolgee has an XXE Injection in Translation Import
Tolgee is an open-source localization platform. Prior to 3.166.3, the XML parsers used for importing Android XML resources .xml and .resx files don't disable external entity processing. An authenticated user who can import translation files into a project can exploit this to read arbitrary files...
EUVD-2026-11691
Tolgee is an open-source localization platform. Prior to 3.166.3, the XML parsers used for importing Android XML resources .xml and .resx files don't disable external entity processing. An authenticated user who can import translation files into a project can exploit this to read arbitrary files...
PT-2026-25060
Name of the Vulnerable Software and Affected Versions Tolgee versions prior to 3.166.3 Description Tolgee is an open-source localization platform. The XML parsers used for importing Android XML resources .xml and .resx files do not disable external entity processing. An authenticated user who can...
CVE-2018-14581
Redgate .NET Reflector before 10.0.7.774 and SmartAssembly before 6.12.5 allow attackers to execute code by decompiling a compiled .NET object such as a DLL or EXE file with a specific embedded resource file. Recent assessments: zeroSteiner at March 20, 2020 12:43pm UTC reported: A crafted .RESX...
openSUSE Security Update : translate-toolkit (openSUSE-2018-130)
This update for translate-toolkit to 2.2.4 fixes several issues. This security issue was fixed : - Prevent inclusion of external ressources XXE boo1073535 These non-security issues were fixed : - Added support for nested and WebExtension JSON dialects. - po2txt no longer converts non-translatable...