7 matches found
SUSE CVE-2026-34244
Weblate is a web based localization tool. In versions prior to 5.17, a user with the project.edit permission granted by the per-project "Administration" role can configure machine translation service URLs pointing to arbitrary internal network addresses. During configuration validation, Weblate...
EUVD-2026-23004
Weblate: SSRF via Project-Level Machinery Configuration...
Server-side Request Forgery (SSRF)
Overview: weblate is a web-based continuous localization system with tight version control integration. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the project.edit permission. A user can access internal network resources and obtain up to 200 character...
Weblate: SSRF via Project-Level Machinery Configuration
Impact A user with the project.edit permission granted by the per-project "Administration" role can configure machine translation service URLs pointing to arbitrary internal network addresses. During configuration validation, Weblate makes an HTTP request to the attacker-controlled URL and reflec...
GHSA-XRWR-FCW6-FMQ8 Weblate: SSRF via Project-Level Machinery Configuration
Impact A user with the project.edit permission granted by the per-project "Administration" role can configure machine translation service URLs pointing to arbitrary internal network addresses. During configuration validation, Weblate makes an HTTP request to the attacker-controlled URL and reflec...
Weblate security vulnerability
Weblate is an open-source, copyleft, web-based free software system for continuous localization. A security vulnerability existed in versions of Weblate prior to 5.17. This vulnerability stemmed from a machine translation service URL that could be configured by users with the project.edit...
Exploit for CVE-2024-25503
CVE-2024-25503 Vulnerability type : Cross Site Scripting...