2059 matches found
CVE-2026-33212
Weblate is a web based localization tool. In versions prior to 5.17, the tasks API didn't verify user access for pending tasks. This could expose logs of in-progress operations to users who don't have access to given scope. The attacker needs to brute-force the random UUID of the task, so...
CVE-2026-42475
SQL injection vulnerability in MixPHP Framework 2.x through 2.2.17 via a crafted on array passed to the joinOn function in BuildHelper.php...
CVE-2026-33214
Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't enforce proper access control. This issue has been fixed in version 5.17. If users are unable to update immediately, they can work around this issue b...
CVE-2026-33440
Weblate is a web based localization tool. In versions prior to 5.17, the ALLOWED_ASSET_DOMAINS setting applied only to the first issued requests and didn't restrict possible redirects. This issue has been fixed in version 5.17...
CVE-2026-25621 Arista Edge Threat Management NGFW Reports Application Insecure Input Validation
A Reports application infrastructure vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall NGFW due to insecure input validation. This issue uniquely affects version 17.4.0; earlier software releases are not exposed...
CVE-2026-39845
Weblate is a web based localization tool. In versions prior to 5.17, the webhook add-on did not utilize existing SSRF protections. This issue has been fixed in version 5.17. If developers are unable to update immediately, they can disable the webhook add-on as a workaround...
CVE-2026-44263
Weblate is a web based localization tool. Prior to version 5.17.1, the screenshots, tasks, and component link API allowed for the enumeration of translations in a project inaccessible to the user. This issue has been patched in version 5.17.1...
CVE-2026-44264
Weblate is a web based localization tool. Prior to version 5.17.1, the Markdown renderer used in user comments and other user-provided content didn't properly sanitize some attributes. This issue has been patched in version 5.17.1...
CVE-2026-34393
Weblate is a web based localization tool. In versions prior to 5.17, the user patching API endpoint didn't properly limit the scope of edits. This issue has been fixed in version 5.17...
GHSA-VWJG-VPWQ-RXVV vulnerabilities
Vulnerabilities for packages: openjdk-25-openj9, openjdk-21-openj9, openjdk-8-openj9, openjdk-17-openj9, openjdk-11-openj9, openjdk-26-openj9...
GHSA-WX45-VX6H-76CQ vulnerabilities
Vulnerabilities for packages: openjdk-25-openj9, openjdk-21-openj9, openjdk-8-openj9, openjdk-17-openj9, openjdk-11-openj9, openjdk-26-openj9...
GHSA-RP3Q-RW9W-295J vulnerabilities
Vulnerabilities for packages: openjdk-25-openj9, openjdk-21-openj9, openjdk-8-openj9, openjdk-17-openj9, openjdk-11-openj9, openjdk-26-openj9...
GHSA-P9XP-4JV8-8R8F vulnerabilities
Vulnerabilities for packages: openjdk-25-openj9, openjdk-21-openj9, openjdk-8-openj9, openjdk-17-openj9, openjdk-11-openj9, openjdk-26-openj9...
GHSA-PFR6-J3GF-9M85 vulnerabilities
Vulnerabilities for packages: openjdk-25-openj9, openjdk-21-openj9, openjdk-8-openj9, openjdk-17-openj9, openjdk-11-openj9, openjdk-26-openj9...
GHSA-P45X-6RJM-X9QF vulnerabilities
Vulnerabilities for packages: openjdk-25-openj9, openjdk-21-openj9, openjdk-8-openj9, openjdk-17-openj9, openjdk-11-openj9, openjdk-26-openj9...
GHSA-PXHF-QG7H-8X8M vulnerabilities
Vulnerabilities for packages: openjdk-25-openj9, openjdk-21-openj9, openjdk-8-openj9, openjdk-17-openj9, openjdk-11-openj9, openjdk-26-openj9...
GHSA-XXCM-X786-Q6GG vulnerabilities
Vulnerabilities for packages: openjdk-25-openj9, openjdk-21-openj9, openjdk-8-openj9, openjdk-17-openj9, openjdk-11-openj9, openjdk-26-openj9...
GHSA-X7PQ-J293-X4P5 vulnerabilities
Vulnerabilities for packages: openjdk-25-openj9, openjdk-21-openj9, openjdk-8-openj9, openjdk-17-openj9, openjdk-11-openj9, openjdk-26-openj9...
GHSA-RXF7-P2JR-3VF7 vulnerabilities
Vulnerabilities for packages: openjdk-25-openj9, openjdk-21-openj9, openjdk-8-openj9, openjdk-17-openj9, openjdk-11-openj9, openjdk-26-openj9...
GHSA-Q4WQ-4WHJ-CXHX vulnerabilities
Vulnerabilities for packages: openjdk-25-openj9, openjdk-21-openj9, openjdk-8-openj9, openjdk-17-openj9, openjdk-11-openj9, openjdk-26-openj9...