CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

29 matches found

SUSE CVE•added 2026/04/16 11:28 p.m.•1 views

SUSE CVE-2026-33220

Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't perform proper access control. This issue has been fixed in version 5.17. If developers are unable to update immediately, they can disable this featur...

6.8CVSS5.6AI score0.00017EPSS

Exploits0References3

Snyk•added 2026/04/16 8:41 p.m.•1 views

Directory Traversal

Overview weblate is an A web-based continuous localization system with tight version control integration Affected versions of this package are vulnerable to Directory Traversal via the translation memory API when unintended endpoints are exposed without proper access control. An attacker can acce...

6.9CVSS6.4AI score0.00017EPSS

Exploits0References2

Github Security Blog•added 2026/04/16 8:41 p.m.•3 views

Weblate: JavaScript localization CDN add-on allows arbitrary local file read outside the repository

Impact The translation memory API exposed unintended endpoints, which in turn didn't do proper access control. Patches https://github.com/WeblateOrg/weblate/pull/18516 Workarounds The CDN add-on is not enabled by default. References Thanks to @spbavarva for reporting this responsibly via GitHub...

6.8CVSS5.8AI score0.00017EPSS

Exploits0References4Affected Software1

OSV•added 2026/04/16 8:41 p.m.•4 views

GHSA-MQPH-7H49-HQFM Weblate: JavaScript localization CDN add-on allows arbitrary local file read outside the repository

6.8CVSS5.8AI score0.00017EPSS

Exploits0References4

EUVD•added 2026/04/16 8:41 p.m.•2 views

EUVD-2026-23000

Weblate: JavaScript localization CDN add-on allows arbitrary local file read outside the repository...

6.8CVSS5.9AI score0.00017EPSS

Exploits0References3

OSV•added 2026/04/16 8:41 p.m.•1 views

GHSA-MPF5-3VPH-Q75R Weblate: Improper access control for the translation memory in API

Impact The translation memory API exposed unintended endpoints, which in turn didn't do proper access control. Patches https://github.com/WeblateOrg/weblate/pull/18513 Workarounds Blocking access to /api/memory/ in the HTTP server removes access to this feature. References This issue was reported...

4.3CVSS5.8AI score0.00011EPSS

Exploits0References4

Snyk•added 2026/04/16 8:41 p.m.•2 views

Missing Authorization

Overview weblate is an A web-based continuous localization system with tight version control integration Affected versions of this package are vulnerable to Missing Authorization in the translation memory API due to unintended endpoints lacking proper access control. An attacker can gain...

5.3CVSS5.7AI score0.00011EPSS

Exploits0References2

Github Security Blog•added 2026/04/16 8:41 p.m.•2 views

Weblate: Improper access control for the translation memory in API

4.3CVSS5.8AI score0.00011EPSS

Exploits0References4Affected Software1

RedhatCVE•added 2026/04/16 7:22 p.m.•0 views

CVE-2026-33220

6.8CVSS5.8AI score0.00017EPSS

Exploits0References1

OSV•added 2026/04/15 7:16 p.m.•2 views

PYSEC-2026-153

6.8CVSS5.7AI score0.00017EPSS

Exploits0References2

PyPA•added 2026/04/15 7:16 p.m.•8 views

PYSEC-2026-153

6.8CVSS5.7AI score0.00017EPSS

Exploits0References2Affected Software1

NVD•added 2026/04/15 7:16 p.m.•2 views

CVE-2026-33220

6.8CVSS0.00017EPSS

Exploits0References2

OSV•added 2026/04/15 6:17 p.m.•4 views

PYSEC-2026-152

Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't enforce proper access control. This issue has been fixed in version 5.17. If users are unable to update immediately, they can work around this issue b...

4.3CVSS5.8AI score0.00011EPSS

Exploits0References2

PyPA•added 2026/04/15 6:17 p.m.•8 views

PYSEC-2026-152

4.3CVSS5.7AI score0.00011EPSS

Exploits0References2Affected Software1

NVD•added 2026/04/15 6:17 p.m.•0 views

CVE-2026-33214

4.3CVSS0.00011EPSS

Exploits0References2