Lucene search
K

13 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.8 views

CVE-2026-33435

Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead to remote code execution under certain circumstances. This issue has been fixed in version 5.17. If developers are unable to update...

8CVSS6.2AI score0.00708EPSS
Exploits0References1
OSV
OSV
added 2026/04/16 8:41 p.m.3 views

GHSA-558G-H753-6M33 Weblate: Remote code execution during backup restoration

Impact The project backup didn't filter Git and Mercurial configuration files and this could lead to remote code execution under certain circumstances. Patches https://github.com/WeblateOrg/weblate/pull/18549 Workarounds The project backup is only accessible to users who can create projects...

8CVSS6.4AI score0.00708EPSS
Exploits0References5
PyPA
PyPA
added 2026/04/15 7:16 p.m.13 views

PYSEC-2026-154

Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead to remote code execution under certain circumstances. This issue has been fixed in version 5.17. If developers are unable to update...

8CVSS6.4AI score0.00708EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/15 7:16 p.m.11 views

PYSEC-2026-154

Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead to remote code execution under certain circumstances. This issue has been fixed in version 5.17. If developers are unable to update...

8CVSS6.4AI score0.00708EPSS
Exploits0References2
CVE
CVE
added 2026/04/15 6:13 p.m.14 views

CVE-2026-33435

Weblate: Remote code execution during project backup restoration in versions prior to 5.17 due to backups not filtering Git/Mercurial config files. Fixed in 5.17. Remediation: upgrade to 5.17+ or restrict access to backups (backups are only accessible to users who can create projects).

8CVSS6.4AI score0.00708EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/15 6:13 p.m.5 views

CVE-2026-33435 Weblate: Remote code execution during backup restoration

Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead to remote code execution under certain circumstances. This issue has been fixed in version 5.17. If developers are unable to update...

8CVSS6.4AI score0.00708EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/07/25 12:0 a.m.4 views

NewStart CGSL MAIN 7.02 : python-pip Vulnerability (NS-SA-2025-0142)

The remote NewStart CGSL host, running version MAIN 7.02, has python-pip packages installed that are affected by a vulnerability: - When installing a package from a Mercurial VCS URL ie pip install hg+... with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary...

5.5CVSS6.8AI score0.00476EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/07/19 12:0 a.m.4 views

Azure Linux 3.0 Security Update: python3 (CVE-2023-5752)

The version of python3 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-5752 advisory. - When installing a package from a Mercurial VCS URL ie pip install hg+... with pip prior to v23.3, the...

5.5CVSS6.8AI score0.00476EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2023-5752

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When installing a package from a Mercurial VCS URL ie pip install hg+... with pip prior to v23.3, the specified Mercurial revision could be used to inject...

5.5CVSS6.6AI score0.00476EPSS
Exploits0References4
OSV
OSV
added 2025/02/12 6:37 a.m.41 views

MGASA-2025-0055 Updated python-pip packages fix security vulnerability

Mercurial configuration injectable in repo revision when installing via pip. CVE-2023-5752...

5.5CVSS6AI score0.00476EPSS
Exploits0References3
Mageia
Mageia
added 2025/02/12 6:37 a.m.48 views

Updated python-pip packages fix security vulnerability

Mercurial configuration injectable in repo revision when installing via pip. CVE-2023-5752...

5.5CVSS6AI score0.00476EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.29 views

RHEL 7 : pip (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - pip: Mercurial configuration injectable in repo revision when installing via pip CVE-2023-5752 Note that Nessus has...

6.9AI score0.00476EPSS
Exploits0References1
PyPA
PyPA
added 2023/10/25 6:17 p.m.5 views

PYSEC-2023-228

When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call ie "--config". Controlling the Mercurial configuration can modify how and which...

5.5CVSS7.5AI score0.00476EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder