Vue I18n is the internationalization plugin for Vue.js. The escapeParameterHtml: true option in Vue I18n is designed to protect against HTML/script injection by escaping interpolated parameters. However, starting in version 9.0.0 and prior to versions 9.14.5, 10.0.8, and 11.1.0, this setting fails to prevent execution of certain tag-based payloads, such as <img src=x onerror=...>, if the interpolated value is inserted inside an HTML context using v-html. This may lead to a DOM-based XSS vulnerability, even when using escapeParameterHtml: true, if a translation string includes minor HTML and is rendered via v-html. Versions 9.14.5, 10.0.8, and 11.1.0 contain a fix for the issue.

CVE Database V5

Detailed information about CVE-2025-53892: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in intlify vue-i18n affe

CVE-2025-53892: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in intlify vue-i18n - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-53892: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in intlify vue-i18n

Icinga DB Web provides a graphical interface for Icinga monitoring. Starting in version 1.2.0 and prior to version 1.2.2, users with access to Icinga Dependency Views, are allowed to see hosts and services that they weren't meant to on the dependency map. However, the name of an object will not be revealed nor does this grant access to a host's or service's detail view. Please note that this only affects the restrictions `filter/hosts` and `filter/services`. `filter/objects` is not affected by this and restricts objects as it is supposed to. Version 1.2.2 applies these restrictions properly. As a workaround, one may downgrade to version 1.1.3.

Detailed information about CVE-2025-53840: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in Icinga icingadb-web affecting Icinga icingadb-

CVE-2025-53840: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in Icinga icingadb-web - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-53840: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in Icinga icingadb-web

UnitedHealth-Linked Health Tech Firm Episource Breach Hits 5.4M Patients

Source: https://hackread.com/unitedhealth-health-tech-firm-episource-breach/

The reported security incident involves a data breach at Episource, a health technology firm linked to UnitedHealth, which has impacted approximately 5.4 million patients. Episource provides healthcare data management and analytics services, often handling sensitive patient information on behalf of healthcare providers and insurers. The breach reportedly exposed a large volume of protected health information (PHI), which may include personal identifiers, medical histories, insurance details, and other confidential data. Although detailed technical specifics of the breach are limited, the mention of 'RCE' (Remote Code Execution) in the newsworthiness assessment suggests that attackers may have exploited a critical vulnerability allowing them to execute arbitrary code remotely within Episource’s systems. This type of vulnerability typically enables attackers to gain unauthorized access, move laterally within networks, and exfiltrate data. The breach's scale and the nature of the data involved indicate a significant compromise of confidentiality and potentially integrity of patient records. No known exploits in the wild have been reported yet, and there are no patch links or specific affected software versions disclosed. The source of the information is a Reddit InfoSec news post linking to an external article, indicating the incident is recent and under active discussion but with minimal technical details publicly available at this time.

Reddit InfoSec News

Detailed information about UnitedHealth-Linked Health Tech Firm Episource Breach Hits 5.4M Patients. Get real-time updates, technical details, and mitigation st

UnitedHealth-Linked Health Tech Firm Episource Breach Hits 5.4M Patients - Live Threat Intelligence - Threat Radar | OffSeq.com

UnitedHealth-Linked Health Tech Firm Episource Breach Hits 5.4M Patients

Reddit Discussion: UnitedHealth-Linked Health Tech Firm Episource Breach Hits 5.4M Patients

Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely.

The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.

Predicable session ids could allow an attacker to gain access to systems.

CVE-2025-40923 identifies a security vulnerability in the Plack::Middleware::Session module for Perl, specifically versions before 0.35. This module is responsible for managing session IDs in web applications using the Plack framework. The vulnerability arises from the use of an insecure method to generate session identifiers. The default session ID generator uses a SHA-1 hash seeded with three components: the built-in Perl rand() function, the epoch time, and the process ID (PID). Each of these components contributes to the predictability of the session ID. The rand() function in Perl is not cryptographically secure and can be predicted if the internal state is known or inferred. The epoch time, representing the current time in seconds since Unix epoch, can often be guessed or derived from HTTP headers such as the Date header. The PID is drawn from a limited range of possible values, further reducing entropy. Combining these predictable inputs results in session IDs that can be feasibly guessed or reproduced by an attacker. This predictability violates secure session management principles and can allow attackers to hijack sessions by guessing valid session IDs, leading to unauthorized access to user accounts or sensitive data. The vulnerability is classified under CWE-340 (Generation of Predictable Numbers or Identifiers) and CWE-338 (Use of Cryptographically Weak Pseudo-Random Number Generator). No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. However, the vulnerability is publicly disclosed and should be addressed promptly.

Detailed information about CVE-2025-40923: CWE-340 Generation of Predictable Numbers or Identifiers in MIYAGAWA Plack::Middleware::Session affecting MIYAGAWA Pl

CVE-2025-40923: CWE-340 Generation of Predictable Numbers or Identifiers in MIYAGAWA Plack::Middleware::Session - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-40923: CWE-340 Generation of Predictable Numbers or Identifiers in MIYAGAWA Plack::Middleware::Session

A `named` caching resolver that is configured to send ECS (EDNS Client Subnet) options may be vulnerable to a cache-poisoning attack.
This issue affects BIND 9 versions 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.37-S1, and 9.20.9-S1 through 9.20.10-S1.

Detailed information about CVE-2025-40776: CWE-349 Acceptance of Extraneous Untrusted Data With Trusted Data in ISC BIND 9 affecting ISC BIND 9. Get real-time u

CVE-2025-40776: CWE-349 Acceptance of Extraneous Untrusted Data With Trusted Data in ISC BIND 9

CVE-2025-40776: CWE-349 Acceptance of Extraneous Untrusted Data With Trusted Data in ISC BIND 9

Description

Technical Details

Related Threats

CVE-2025-53892: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in intlify vue-i18n

CVE-2025-53840: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in Icinga icingadb-web

CVE-2025-40923: CWE-340 Generation of Predictable Numbers or Identifiers in MIYAGAWA Plack::Middleware::Session

CVE-2025-34300: CWE-20 Improper Input Validation in Sawtooth Software Lighthouse Studio

CVE-2025-53758: CWE-312: Cleartext Storage of Sensitive Information in Digisol XPON ONU Wi-Fi Router (DG-GR6821AC)

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility