9 matches found
CVE-2026-41683
i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Prior to version 3.9.3, i18next-http-middleware wrote user-controlled language values into the Content-Language response header after passing them through utils.escape, which ...
CVE-2026-42353 Path traversal / SSRF in i18next-http-middleware via user-controlled language and namespace parameters
i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Prior to version 3.9.3, i18next-http-middleware passes the user-controlled lng and ns values from getResourcesHandler directly into...
CVE-2022-50393
creationtimestamp| type| source ---|---|--- 2025-12-03 14:14:49+00:00| seen| https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8 2026-03-19 00:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/...
September 9, 2025—KB5065427 (OS Build 14393.8422)
None None...
JATOS 安全漏洞
JATOS is an online learning tool from JATOS Open Source. A security vulnerability exists in JATOS version v3.9.3. An attacker exploiting this vulnerability could hijack the administrator account and compromise the integrity and security of the system...
WordPress plugin WP Ultimate Post Grid 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...
CVE-2023-1152
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Utarit Information Technologies Persolus allows SQL Injection. This issue affects Persolus: before 2.03.93...
PT-2020-8449
Name of the Vulnerable Software and Affected Versions: Mattermost Server versions prior to 4.0.0 Mattermost Server versions 3.10.2 and earlier Mattermost Server versions 3.9.2 and earlier Description: An issue allows CSRF to occur if CORS is enabled. Recommendations: For versions prior to 4.0.0,...