22 matches found
CVE-2026-34242
Weblate is a web based localization tool. In versions prior to 5.17, the ZIP download feature didn't verify downloaded files, potentially following symlinks outside the repository. This issue has been fixed in version 5.17...
WordPress Grecko theme <= 5.17 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Grecko versions <= 5.17...
SUSE CVE-2026-33220
Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't perform proper access control. This issue has been fixed in version 5.17. If developers are unable to update immediately, they can disable this featur...
SUSE CVE-2026-34393
Weblate is a web based localization tool. In versions prior to 5.17, the user patching API endpoint didn't properly limit the scope of edits. This issue has been fixed in version 5.17...
SUSE CVE-2026-40256
Weblate is a web based localization tool. In versions prior to 5.17, repository-boundary validation relies on string prefix checks on resolved absolute paths. In multiple code paths, the check uses startswith against the repository root path. This is not path-segment aware and can be bypassed whe...
EUVD-2026-23001
Weblate: Remote code execution during backup restoration...
CVE-2026-34393 Weblate: Privilege escalation in the user API endpoint
Weblate is a web based localization tool. In versions prior to 5.17, the user patching API endpoint didn't properly limit the scope of edits. This issue has been fixed in version 5.17...
CVE-2026-34393
Weblate is a web based localization tool. In versions prior to 5.17, the user patching API endpoint didn't properly limit the scope of edits. This issue has been fixed in version 5.17...
CVE-2026-34244 Weblate: SSRF via Project-Level Machinery Configuration
Weblate is a web based localization tool. In versions prior to 5.17, a user with the project.edit permission granted by the per-project "Administration" role can configure machine translation service URLs pointing to arbitrary internal network addresses. During configuration validation, Weblate...
CVE-2026-33212
CVE-2026-33212 affects Weblate (web-based localization tool). The vulnerability lies in the tasks API where, in versions prior to 5.17, access control for pending tasks was not enforced, potentially exposing in-progress task logs to users without the proper scope. The attack requires brute-forcin...
Weblate security vulnerability
Weblate is an open-source, copyleft, web-based free software system for continuous localization. Versions of Weblate prior to 5.17 contained security vulnerabilities, which were caused by a bypass of the repository boundary validation mechanism, potentially leading to path traversal attacks...
CVE-2025-13942
A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17ABUP.15.1C0 could allow a remote attacker to execute operating system (OS) commands on an affected device by sending specially crafted UPnP SOAP requests...
EUVD-2023-27100
Malicious code in bioql PyPI...
PT-2025-8317 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.17.0-rc5-arm64-renesas-00002-g10393723e35e 522 Description: A bug in the Linux kernel has been identified, causing an "Invalid wait context" error during the restart callback. This issue arises when using the ...
PT-2023-2520 · Zyxel · Zyxel Dx5401-B0
Name of the Vulnerable Software and Affected Versions: ZyXEL DX5401-B0 firmware versions prior to V5.17ABYO.1C0 Description: The issue is related to a buffer overflow vulnerability in the libclinkc.so library of the zhttpd web server. This vulnerability could allow a remote unauthenticated attack...
GSD-2022-1003183 x86/fpu: KVM: Set the base guest FPU uABI size to sizeof(struct kvm_xsave)
x86/fpu: KVM: Set the base guest FPU uABI size to sizeof(struct kvm_xsave). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.13 by commit...
PT-2022-7620 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.17 Description: The issue is related to a memory leak in the lcd2s component of the Linux kernel. This leak occurs because the struct lcd2s_data is never freed once allocated. The problem can be fixed by...
PT-2022-2006
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.17-rc8 Description: An out-of-bounds (OOB) memory write flaw exists in the watch queue event notification subsystem. This issue allows the overwriting of parts of the kernel state, which could enable a local user ...
Alstrasoft EPay Enterprise 5.17 - SQL Injection
Alstrasoft EPay Enterprise 5.17 - SQL Injection Exploit Title: Alstrasoft EPay Enterprise v5.17 Script - SQL Injection Google Dork: N/A Date: 04.02.2017 Vendor Homepage: http://www.alstrasoft.com/ Software Buy: http://www.alstrasoft.com/epayenterprise.htm Demo: http://blizsoft.com/enterprise/...