14 matches found
EUVD-2024-30281
Malicious code in bioql PyPI...
CVE-2024-32466
Tolgee is an open-source localization platform. For the /v2/projects/translations and /v2/projects/projectId/translations endpoints, translation data was returned even when API key was missing translation.view scope. However, it was impossible to fetch the data when user was missing this scope. S...
CVE-2025-20977
Use of implicit intent for sensitive communication in translation in Samsung Notes prior to version 4.4.29.23 allows local attackers to get sensitive information. User interaction is required for triggering this vulnerability...
CVE-2024-32466
Tolgee is an open-source localization platform. For the /v2/projects/translations and /v2/projects/projectId/translations endpoints, translation data was returned even when API key was missing translation.view scope. However, it was impossible to fetch the data when user was missing this scope. S...
CVE-2024-32466 Tolgee's API key scopes not checked when querying translation data
Tolgee is an open-source localization platform. For the /v2/projects/translations and /v2/projects/projectId/translations endpoints, translation data was returned even when API key was missing translation.view scope. However, it was impossible to fetch the data when user was missing this scope. S...
CVE-2024-32466 Tolgee's API key scopes not checked when querying translation data
Tolgee is an open-source localization platform. For the /v2/projects/translations and /v2/projects/projectId/translations endpoints, translation data was returned even when API key was missing translation.view scope. However, it was impossible to fetch the data when user was missing this scope. S...
PT-2024-24593 · Tolgee · Tolgee
Name of the Vulnerable Software and Affected Versions: Tolgee versions prior to 3.57.2 Description: Tolgee is an open-source localization platform. The issue concerns the /v2/projects/translations and /v2/projects/projectId/translations endpoints, where translation data was returned even when the...
SUSE CVE-2013-4492
Cross-site scripting XSS vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call...
rubygem-i18n: cross-site scripting flaw in exception handling
Cross-site scripting XSS vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call...
rubygem-i18n: cross-site scripting flaw in exception handling
Cross-site scripting XSS vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call...
rubygem-i18n: cross-site scripting flaw in exception handling
Cross-site scripting XSS vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call...
DEBIAN-CVE-2013-4492
Cross-site scripting XSS vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call...
UBUNTU-CVE-2013-4492
Cross-site scripting XSS vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call...
CVE-2011-3022
translate/translatemanager.cc in Google Chrome before 17.0.963.56 and 19.x before 19.0.1036.7 uses an HTTP session to exchange data for translation, which allows remote attackers to obtain sensitive information by sniffing the network...