EUVD-2010-4789

Malware in sbrugna...

EUVD-2022-15613

Malicious code in bioql PyPI...

CVE-2022-0475

Malicious translator is able to inject JavaScript code in few translatable strings where HTML is allowed. The code could be executed in the Package manager. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.32 and prior versions, 8.0.x version: 8.0.19 and prior versions...

OTRS 跨站脚本漏洞

OTRS is an application from the German company OTRS. A service management software. A cross-site scripting vulnerability exists in OTRS, which stems from the translator's lack of filtering and escaping for a small number of translatable strings, and can be exploited to execute JavaScript code by...

Cross-site Scripting (XSS)

viewcomponent is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization in the translate method in the translatable.rb file...

XSS via `translate` method of `ViewComponent::Translatable` in view_component gem

This is an XSS vulnerability that has the potential to impact anyone using translations with the viewcomponent gem. Data received via user input and passed as an interpolation argument to the translate method is not properly sanitized before display. Versions 2.31.2 and 2.49.1 have been released...

Improper access control

Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote authenticated users to modify translated terms, which may lead to arbitrary content modification on translatable elements...

CVE-2020-25025

The l10nmgr aka Localization Manager extension before 7.4.0, 8.x before 8.7.0, and 9.x before 9.2.0 for TYPO3 allows Information Disclosure translatable fields...

CVE-2020-25025

The l10nmgr aka Localization Manager extension before 7.4.0, 8.x before 8.7.0, and 9.x before 9.2.0 for TYPO3 allows Information Disclosure translatable fields...

Information Disclosure in extension "Localization Manager" (l10nmgr)

A missing access check allows an authenticated backend user to view and export data of translatable fields which are outside of the users access scope resulting in Information Disclosure...

[SECURITY] Fedora 30 Update: drupal7-path_breadcrumbs-3.4-1.fc30

Path breadcrumbs module helps you to create breadcrumbs for any page with a ny selection rules and load any entity from the URL. Features Breadcrumbs navigation may be added to any kind of page: static example: node/1 or dynamic example: node/NID. You can load contexts from URL and use it like...

Security update for glib2 (moderate)

This update for glib2 fixes the following issues: Security issues fixed: - CVE-2018-16428: Do not do a NULL pointer dereference crash. Avoid that, at the cost of introducing a new translatable error message bsc1107121. - CVE-2018-16429: Fixed out-of-bounds read vulnerability...

openSUSE Security Update : translate-toolkit (openSUSE-2018-130)

This update for translate-toolkit to 2.2.4 fixes several issues. This security issue was fixed : - Prevent inclusion of external ressources XXE boo1073535 These non-security issues were fixed : - Added support for nested and WebExtension JSON dialects. - po2txt no longer converts non-translatable...

[SECURITY] Fedora 24 Update: drupal7-title-1.0-0.7.alpha9.fc24

While working on the new content translation system http://api.drupal.org/api/group/fieldlanguage/7 for Drupal 7, we the Dr upal core i18n team faced the need to convert node titles to the Field API in o rder to make nodes fully translatable. We were not able to make this happen in Drupal 7 core ...

[SECURITY] Fedora 22 Update: drupal7-path_breadcrumbs-3.3-1.fc22

Path breadcrumbs module helps you to create breadcrumbs for any page with a ny selection rules and load any entity from the URL. Features Breadcrumbs navigation may be added to any kind of page: static example: node/1 or dynamic example: node/NID. You can load contexts from URL and use it like...

[SECURITY] Fedora 20 Update: drupal7-path_breadcrumbs-3.2-1.fc20

Path breadcrumbs module helps you to create breadcrumbs for any page with a ny selection rules and load any entity from the URL. Features Breadcrumbs navigation may be added to any kind of page: static example: node/1 or dynamic example: node/NID. You can load contexts from URL and use it like...

CVE-2010-4824

SQL injection vulnerability in the augmentSQL method in core/model/Translatable.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when the Translatable extension is enabled, allows remote attackers to execute arbitrary SQL commands via the locale parameter...

Sql injection

SQL injection vulnerability in the augmentSQL method in core/model/Translatable.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when the Translatable extension is enabled, allows remote attackers to execute arbitrary SQL commands via the locale parameter...

CVE-2010-4824

SQL injection vulnerability in the augmentSQL method in core/model/Translatable.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when the Translatable extension is enabled, allows remote attackers to execute arbitrary SQL commands via the locale parameter...