
519 matches found

NVD
added 3 days ago, 4 views

CVE-2026-54262

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, a low-level user with the "Can submit translation" permission can create translations for any page, including those they do not have permissions for. This issue has been fixed in...

CVSS 4.3 | EPSS 0.00162
Exploits: 0 | References: 1
Cvelist
added 3 days ago, 36 views

CVE-2026-54262 Wagtail: Pages translations can be created without page permissions when using simple_translation

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, a low-level user with the "Can submit translation" permission can create translations for any page, including those they do not have permissions for. This issue has been fixed in...

CVSS 4.3 | EPSS 0.00162
Exploits: 0 | References: 1
ATTACKERKB
added 3 days ago, 3 views

CVE-2026-54262

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, a low-level user with the "Can submit translation" permission can create translations for any page, including those they do not have permissions for. This issue has been fixed in...

CVSS 4.3 | AI score 5.8 | EPSS 0.00162
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 3 days ago, 6 views

CVE-2026-54262

Wagtail’s CVE-2026-54262 affects the translation feature. In versions before 7.0.8, 7.3.3, and 7.4.2, a user with the "Can submit translation" permission could create translations for any page, including pages they lack access to. The root cause is described as a permission/authorization issue rela...

CVSS 4.3 | AI score 5.8 | EPSS 0.00162
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2026/06/13 5:32 a.m., 26 views

CVE-2026-9109

CVE-2026-9109 : Stored Cross-Site Scripting in GPTranslate – Multilingual AI Translation for WordPress (versions ≤ 2.31) due to insufficient input sanitization and output escaping in REST API Translation Storage. Unauthenticated users can inject scripts; the API key (SHA-256 of site URL) is print...

CVSS 7.2 | AI score 5.6 | EPSS 0.00316
Exploits: 0 | References: 12
NVD
added 2026/06/12 9:16 p.m., 13 views

CVE-2026-44779

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, bot debug endpoints disclose whisper translation audit logs. This issue has been patched in versions 2026.1.4, 2026.3.1,...

CVSS 4.3 | EPSS 0.00235
Exploits: 0 | References: 1
RedhatCVE
added 2026/06/05 7:28 p.m., 9 views

CVE-2026-4141

The Quran Translations plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7. This is due to missing nonce validation in the quranplaylistoptions function that handles the plugin's settings page. The function processes POST requests to update...

CVSS 4.3 | AI score 5.3 | EPSS 0.0016
Exploits: 0 | References: 1
Tenable Nessus
added 2026/06/02 12:0 a.m., 9 views

openSUSE 16 Security Update : evince (openSUSE-SU-2026:20850-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2026:20850-1 advisory. Changes in evince: - Update to version 48.2 bsc1265880 CVE-2026-46529: - shell: Quote strings in arguments used when calling evspawn - Update to version...

CVSS 8.4 | AI score 5.7 | EPSS 0.00529
Exploits: 0 | References: 3
OSV
added 2026/05/31 10:29 a.m., 3 views

OPENSUSE-SU-2026:20850-1 Security update for evince

This update for evince fixes the following issues: Changes in evince: - Update to version 48.2 bsc1265880 CVE-2026-46529: + shell: Quote strings in arguments used when calling evspawn - Update to version 48.1+6: + build: bump DjVuLibre version required + libview: Fix crash in the accessible code...

CVSS 8.4 | AI score 5.9 | EPSS 0.00529
Exploits: 0 | References: 2
Github Security Blog
added 2026/05/27 12:35 a.m., 16 views

Pimcore Admin Classic Bundle Vulnerable to SQL Injection in Translation Grid Date Filter via Unsanitized Property Parameter

GM-369 Summary: SQL injection in Pimcore's translation grid date filter — the user-supplied property field from the filter JSON is interpolated directly into a UNIX_TIMESTAMP(DATE(FROM_UNIXTIME(...))) SQL expression without parameterization or allowlist validation. Affected Component - Package:...

CVSS 6.9 | AI score 6.1 | EPSS 0.00457
Exploits: 1 | References: 5 | Affected Software: 1
SUSE CVE
added 2026/05/08 2:19 a.m., 11 views

SUSE CVE-2026-44263

Weblate is a web based localization tool. Prior to version 5.17.1, the screenshots, tasks, and component link API allowed for the enumeration of translations in a project inaccessible to the user. This issue has been patched in version 5.17.1...

CVSS 4.3 | AI score 5.7 | EPSS 0.00288
Exploits: 0 | References: 3
NVD
added 2026/05/07 9:16 p.m., 12 views

CVE-2026-41692

i18nextify is a JavaScript library that adds website internationalization via a script tag, without source code changes. Versions prior to 4.0.8 substitute key interpolation tokens inside src and href attribute values with the raw string returned by i18next.t. The substitution logic in...

CVSS 4.7 | EPSS 0.00144
Exploits: 0 | References: 2
ATTACKERKB
added 2026/05/07 8:1 p.m., 6 views

CVE-2026-41692

i18nextify is a JavaScript library that adds website internationalization via a script tag, without source code changes. Versions prior to 4.0.8 substitute key interpolation tokens inside src and href attribute values with the raw string returned by i18next.t. The substitution logic in...

CVSS 4.7 | AI score 5.9 | EPSS 0.00144
Exploits: 0 | References: 3 | Affected Software: 1
EUVD
added 2026/05/07 8:1 p.m., 12 views

EUVD-2026-28440

i18nextify is a JavaScript library that adds website internationalization via a script tag, without source code changes. Versions prior to 4.0.8 substitute key interpolation tokens inside src and href attribute values with the raw string returned by i18next.t. The substitution logic in...

CVSS 4.7 | AI score 5.9 | EPSS 0.00144
Exploits: 0 | References: 2
Vulnrichment
added 2026/05/07 1:42 p.m., 8 views

CVE-2026-44263 Weblate: Private Translation Enumeration via Screenshot API

Weblate is a web based localization tool. Prior to version 5.17.1, the screenshots, tasks, and component link API allowed for the enumeration of translations in a project inaccessible to the user. This issue has been patched in version 5.17.1...

CVSS 4.3 | AI score 5.7 | EPSS 0.00288
Exploits: 0 | References: 4
Cvelist
added 2026/05/07 1:42 p.m., 73 views

CVE-2026-44263 Weblate: Private Translation Enumeration via Screenshot API

Weblate is a web based localization tool. Prior to version 5.17.1, the screenshots, tasks, and component link API allowed for the enumeration of translations in a project inaccessible to the user. This issue has been patched in version 5.17.1...

CVSS 4.3 | EPSS 0.00288
Exploits: 0 | References: 4
Snyk
added 2026/05/07 12:3 a.m., 11 views

Information Exposure

Overview: weblate is a web-based continuous localization system with tight version control integration. Affected versions of this package are vulnerable to Information Exposure in the Screenshot API, tasks API, and component link API. An attacker can access private translation data by enumeratin...

CVSS 5.3 | AI score 5.8 | EPSS 0.00288
Exploits: 0 | References: 2
OSV
added 2026/05/07 12:3 a.m., 5 views

GHSA-GCG5-86JR-F7JG Weblate Vulnerable to Private Translation Enumeration via Screenshot API

Impact: The screenshots, tasks, and component link API allowed for the enumeration of translations in a project inaccessible to the user. Patches: https://github.com/WeblateOrg/weblate/pull/19258 Acknowledgement: Weblate thanks Luay for reporting this vulnerability according to the organization's...

CVSS 4.3 | AI score 5.8 | EPSS 0.00288
Exploits: 0 | References: 6
Tenable Nessus
added 2026/05/02 12:0 a.m., 8 views

SUSE SLES12 Security Update : webkit2gtk3 (SUSE-SU-2026:1648-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1648-1 advisory. Update to version 2.52.1. Security issues fixed: - CVE-2026-20643: processing maliciously crafted web content may bypass Same Origin Policy...

CVSS 8.8 | AI score 5.9 | EPSS 0.0072
Exploits: 2 | References: 25
Fedora
added 2026/04/25 1:55 a.m., 14 views

[SECURITY] Fedora 44 Update: qt6-qttranslations-6.10.3-1.fc44

Qt6 - QtTranslations module...

AI score 5.2
Exploits: 0