13 matches found
CVE-2026-33435
Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead to remote code execution under certain circumstances. This issue has been fixed in version 5.17. If developers are unable to update...
GHSA-558G-H753-6M33 Weblate: Remote code execution during backup restoration
Impact The project backup didn't filter Git and Mercurial configuration files and this could lead to remote code execution under certain circumstances. Patches https://github.com/WeblateOrg/weblate/pull/18549 Workarounds The project backup is only accessible to users who can create projects...
PYSEC-2026-154
Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead to remote code execution under certain circumstances. This issue has been fixed in version 5.17. If developers are unable to update...
PYSEC-2026-154
Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead to remote code execution under certain circumstances. This issue has been fixed in version 5.17. If developers are unable to update...
CVE-2026-33435
Weblate: Remote code execution during project backup restoration in versions prior to 5.17 due to backups not filtering Git/Mercurial config files. Fixed in 5.17. Remediation: upgrade to 5.17+ or restrict access to backups (backups are only accessible to users who can create projects).
CVE-2026-33435 Weblate: Remote code execution during backup restoration
Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead to remote code execution under certain circumstances. This issue has been fixed in version 5.17. If developers are unable to update...
NewStart CGSL MAIN 7.02 : python-pip Vulnerability (NS-SA-2025-0142)
The remote NewStart CGSL host, running version MAIN 7.02, has python-pip packages installed that are affected by a vulnerability: - When installing a package from a Mercurial VCS URL ie pip install hg+... with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary...
Azure Linux 3.0 Security Update: python3 (CVE-2023-5752)
The version of python3 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-5752 advisory. - When installing a package from a Mercurial VCS URL ie pip install hg+... with pip prior to v23.3, the...
Linux Distros Unpatched Vulnerability : CVE-2023-5752
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When installing a package from a Mercurial VCS URL ie pip install hg+... with pip prior to v23.3, the specified Mercurial revision could be used to inject...
MGASA-2025-0055 Updated python-pip packages fix security vulnerability
Mercurial configuration injectable in repo revision when installing via pip. CVE-2023-5752...
Updated python-pip packages fix security vulnerability
Mercurial configuration injectable in repo revision when installing via pip. CVE-2023-5752...
RHEL 7 : pip (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - pip: Mercurial configuration injectable in repo revision when installing via pip CVE-2023-5752 Note that Nessus has...
PYSEC-2023-228
When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call ie "--config". Controlling the Mercurial configuration can modify how and which...