Lucene search
K

49 matches found

OSV
OSV
added 2026/06/17 12:0 a.m.3 views

OPENSUSE-SU-2026:11051-1 weblate-5.17.1-2.1 on GA media

These are all security issues fixed in the weblate-5.17.1-2.1 package on the GA media of openSUSE Tumbleweed...

5.9CVSS5.2AI score0.00291EPSS
Exploits0References2
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/05 12:0 a.m.7 views

weblate-5.17.1-1.1 on GA media (moderate)

weblate-5.17.1-1.1 on GA media Announcement ID: openSUSE-SU-2026:10929-1 Rating: moderate Cross-References: CVE-2026-41519 CVE-2026-41654 CVE-2026-44263 CVE-2026-44264 Affected Products: openSUSE Tumbleweed An update that solves 4 vulnerabilities can now be installed. Description: These are all...

8.1CVSS5.5AI score0.00371EPSS
Exploits0
OSV
OSV
added 2026/06/01 12:0 a.m.6 views

OPENSUSE-SU-2026:10929-1 weblate-5.17.1-1.1 on GA media

These are all security issues fixed in the weblate-5.17.1-1.1 package on the GA media of openSUSE Tumbleweed...

8.1CVSS5.8AI score0.00371EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/08 2:22 a.m.10 views

SUSE CVE-2026-41519

Weblate is a web based localization tool. Prior to version 5.17.1, when a user changes their password, browser sessions are correctly invalidated via "cyclesessionkeys", but DRF API tokens "wlu" prefix stored in "authtokentoken" are not revoked. This issue has been patched in version 5.17.1...

4.2CVSS5.7AI score0.00228EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/08 2:21 a.m.9 views

SUSE CVE-2026-41654

Weblate is a web based localization tool. Prior to version 5.17.1, an authenticated user with project.add permission default on hosted Weblate SaaS and for any user holding an active billing/trial plan can import a crafted project backup ZIP whose components/.json contains an attacker-chosen repo...

8.1CVSS5.7AI score0.00371EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/08 2:19 a.m.12 views

SUSE CVE-2026-44264

Weblate is a web based localization tool. Prior to version 5.17.1, the Markdown renderer used in user comments and other user-provided content didn't properly sanitize some attributes. This issue has been patched in version 5.17.1...

4.3CVSS5.7AI score0.00275EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/07 1:42 p.m.8 views

CVE-2026-44263 Weblate: Private Translation Enumeration via Screenshot API

Weblate is a web based localization tool. Prior to version 5.17.1, the screenshots, tasks, and component link API allowed for the enumeration of translations in a project inaccessible to the user. This issue has been patched in version 5.17.1...

4.3CVSS5.7AI score0.00288EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/07 1:42 p.m.5 views

CVE-2026-44263

Weblate is a web based localization tool. Prior to version 5.17.1, the screenshots, tasks, and component link API allowed for the enumeration of translations in a project inaccessible to the user. This issue has been patched in version 5.17.1...

4.3CVSS5.7AI score0.00288EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/07 1:41 p.m.6 views

CVE-2026-41519

Weblate is a web based localization tool. Prior to version 5.17.1, when a user changes their password, browser sessions are correctly invalidated via "cyclesessionkeys", but DRF API tokens "wlu" prefix stored in "authtokentoken" are not revoked. This issue has been patched in version 5.17.1...

4.2CVSS5.7AI score0.00228EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/05/07 1:41 p.m.19 views

CVE-2026-41519

CVE-2026-41519 affects Weblate prior to 5.17.1, where DRF API tokens with wlu_ prefix stored in authtoken_token are not revoked on password change, while browser sessions are invalidated via cycle_session_keys(). The connected advisory confirms the issue impact and provides remediation: upgrade t...

5.4CVSS5.7AI score0.00228EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/05/07 1:41 p.m.36 views

CVE-2026-41519 Weblate's API Token Not Invalidated on Password Change

Weblate is a web based localization tool. Prior to version 5.17.1, when a user changes their password, browser sessions are correctly invalidated via "cyclesessionkeys", but DRF API tokens "wlu" prefix stored in "authtokentoken" are not revoked. This issue has been patched in version 5.17.1...

4.2CVSS0.00228EPSS
Exploits0References4
OSV
OSV
added 2026/05/07 1:41 p.m.3 views

CVE-2026-41519 Weblate's API Token Not Invalidated on Password Change

Weblate is a web based localization tool. Prior to version 5.17.1, when a user changes their password, browser sessions are correctly invalidated via "cyclesessionkeys", but DRF API tokens "wlu" prefix stored in "authtokentoken" are not revoked. This issue has been patched in version 5.17.1...

4.2CVSS5.9AI score0.00228EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/07 1:40 p.m.8 views

CVE-2026-41654 Weblate is Vulnerable to Authenticated SSRF via Project Backup Import bypassing validate_repo_url

Weblate is a web based localization tool. Prior to version 5.17.1, an authenticated user with project.add permission default on hosted Weblate SaaS and for any user holding an active billing/trial plan can import a crafted project backup ZIP whose components/.json contains an attacker-chosen repo...

5.3CVSS5.7AI score0.00371EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

Weblate 安全漏洞

Weblate is an open-source, copyleft, web-based free software system for continuous localization. Versions of Weblate prior to 5.17.1 contained a security vulnerability, which was caused by the Markdown renderer used in user comments and other user-generated content not properly cleaning certain...

4.3CVSS5.8AI score0.00275EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/30 5:28 p.m.9 views

Server-side Request Forgery (SSRF)

Overview weblate is an A web-based continuous localization system with tight version control integration Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the ProjectBackup restore path in the backup import code. An attacker can supply a crafted project...

8.1CVSS5.8AI score0.00371EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.14 views

PT-2026-37127

Name of the Vulnerable Software and Affected Versions Weblate versions prior to 5.17.1 Description When a user changes their password, browser sessions are invalidated using the cycle session keys function, but Django REST Framework DRF API tokens with the wlu prefix stored in authtoken token are...

5.4CVSS5.8AI score0.00228EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2026/04/09 11:25 p.m.5 views

SUSE CVE-2026-34165

go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a...

5CVSS5.7AI score0.00147EPSS
Exploits0References2
OSV
OSV
added 2026/03/31 3:16 p.m.3 views

DEBIAN-CVE-2026-34165

go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a...

5CVSS7.6AI score0.00147EPSS
Exploits0References1
NVD
NVD
added 2026/03/31 3:16 p.m.4 views

CVE-2026-34165

go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a...

5CVSS0.00147EPSS
Exploits0References2
NVD
NVD
added 2026/03/31 3:16 p.m.3 views

CVE-2026-33762

go-git is an extensible git implementation library written in pure Go. Prior to version 5.17.1, go-git’s index decoder for format version 4 fails to validate the path name prefix length before applying it to the previously decoded path name. A maliciously crafted index file can trigger an...

2.8CVSS0.00153EPSS
Exploits0References2
Rows per page
Query Builder