Every CVE whose affected-product data names Tolgee, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2024-52297 — CVSS 9.8 (critical): Tolgee is an open-source localization platform. Tolgee 3.81.1 included the all configuration properties in the PublicConfiguratioDTO…
CVE-2023-38510 — CVSS 8.1 (high): Tolgee is an open-source localization platform. Starting in version 3.14.0 and prior to version 3.23.1, when a request is made using an API…
CVE-2024-32470 — CVSS 6.5 (medium): Tolgee is an open-source localization platform. When API key created by admin user is used it bypasses the permission check at all. This…
CVE-2026-32251 — CVSS 6.5 (medium): Tolgee is an open-source localization platform. Prior to 3.166.3, the XML parsers used for importing Android XML resources (.xml) and .resx…
CVE-2023-41316 — CVSS 5.5 (medium): Tolgee is an open-source localization platform. Due to lack of validation field - Org Name, bad actor can send emails with HTML injected…
CVE-2024-32466 — CVSS 2.7 (low): Tolgee is an open-source localization platform. For the `/v2/projects/translations` and `/v2/projects/{projectId}/translations` endpoints…