13 matches found
EUVD-2026-37005
Versions prior to 2.6.6 are vulnerable to prototype pollution via crafted missing-key strings when used to persist missing translation keys e.g. via i18next-http-middleware's missingKeyHandler exposed to untrusted input. Backend.writeFile splits each queued missing-key string on the configured...
Prototype Pollution
Overview next-intl is an Internationalization i18n for Next.js Affected versions of this package are vulnerable to Prototype Pollution in the setNestedProperty function when processing translation catalog keys containing reserved properties such as proto, constructor, or prototype. An attacker ca...
Prototype Pollution
counterpart is vulnerable to Prototype Pollution. The vulnerability is due to insufficient sanitization of user-controlled translation keys, which allows an attacker to supply crafted keys containing prototype chain elements to inject arbitrary properties into the JavaScript Object prototype,...
EUVD-2025-31046
Malicious code in bioql PyPI...
CVE-2025-57354
A vulnerability exists in the 'counterpart' library for Node.js and the browser due to insufficient sanitization of user-controlled input in translation key processing. The affected versions prior to 0.18.6 allow attackers to manipulate the library's translation functionality by supplying...
counterpart vulnerable to prototype pollution
A vulnerability exists in the counterpart library for Node.js and the browser due to insufficient sanitization of user-controlled input in translation key processing. The affected versions prior to 0.18.6 allow attackers to manipulate the library's translation functionality by supplying malicious...
GHSA-2488-W585-72CH counterpart vulnerable to prototype pollution
A vulnerability exists in the counterpart library for Node.js and the browser due to insufficient sanitization of user-controlled input in translation key processing. The affected versions prior to 0.18.6 allow attackers to manipulate the library's translation functionality by supplying malicious...
CVE-2025-57354
A vulnerability exists in the 'counterpart' library for Node.js and the browser due to insufficient sanitization of user-controlled input in translation key processing. The affected versions prior to 0.18.6 allow attackers to manipulate the library's translation functionality by supplying...
CVE-2025-57354
A vulnerability exists in the 'counterpart' library for Node.js and the browser due to insufficient sanitization of user-controlled input in translation key processing. The affected versions prior to 0.18.6 allow attackers to manipulate the library's translation functionality by supplying...
CVE-2025-57354
A vulnerability exists in the 'counterpart' library for Node.js and the browser due to insufficient sanitization of user-controlled input in translation key processing. The affected versions prior to 0.18.6 allow attackers to manipulate the library's translation functionality by supplying...
PT-2025-39318
Name of the Vulnerable Software and Affected Versions counterpart versions prior to 0.18.6 Description A flaw exists in the 'counterpart' library for Node.js and the browser because of inadequate sanitization of user-controlled input during translation key processing. Insufficient validation of...
CVE-2025-57354
A vulnerability exists in the 'counterpart' library for Node.js and the browser due to insufficient sanitization of user-controlled input in translation key processing. The affected versions prior to 0.18.6 allow attackers to manipulate the library's translation functionality by supplying...
CVE-2025-57354
The CVE-2025-57354 entry concerns the counterpart library for Node.js and the browser. Affected versions before 0.18.6 are vulnerable to prototype pollution due to insufficient sanitization of translation key inputs. Attackers can supply specially crafted keys containing prototype chain elements ...