6 matches found
CVE-2026-32251
Tolgee is an open-source localization platform. Prior to 3.166.3, the XML parsers used for importing Android XML resources (.xml) and .resx files don't disable external entity processing. An authenticated user who can import translation files into a project can exploit this to read arbitrary files...
EUVD-2026-11691
Tolgee is an open-source localization platform. Prior to 3.166.3, the XML parsers used for importing Android XML resources (.xml) and .resx files don't disable external entity processing. An authenticated user who can import translation files into a project can exploit this to read arbitrary files...
EUVD-2023-45832
Malicious code in bioql PyPI...
CVE-2023-41316
Tolgee is an open-source localization platform. Due to a lack of validation on the Org Name field, a bad actor can send emails with injected HTML code to victims. Registered users can inject HTML into unsanitized emails from the Tolgee instance to other users. This unsanitized HTML ends up in invitati...
Tolgee Security Vulnerability
Tolgee is an open source multilingual translation and localization platform designed to help development teams easily manage and maintain multilingual software applications and websites. A security vulnerability exists in Tolgee versions 3.14.0 through 3.23.1 that stems from the fact that when a...
PT-2023-26488 · Tolgee · Tolgee
Name of the Vulnerable Software and Affected Versions: Tolgee versions 3.14.0 through 3.23.1
Description: Tolgee is an open-source localization platform. When a request is made using an API key, the backend fails to verify the permission scopes associated with the key, effectively bypassing...