OPENSUSE-SU-2026:10929-1 weblate-5.17.1-1.1 on GA media

These are all security issues fixed in the weblate-5.17.1-1.1 package on the GA media of openSUSE Tumbleweed...

SUSE CVE-2026-41654

Weblate is a web based localization tool. Prior to version 5.17.1, an authenticated user with project.add permission default on hosted Weblate SaaS and for any user holding an active billing/trial plan can import a crafted project backup ZIP whose components/.json contains an attacker-chosen repo...

CVE-2026-44263 Weblate: Private Translation Enumeration via Screenshot API

Weblate is a web based localization tool. Prior to version 5.17.1, the screenshots, tasks, and component link API allowed for the enumeration of translations in a project inaccessible to the user. This issue has been patched in version 5.17.1...

CVE-2026-44263

Weblate is a web based localization tool. Prior to version 5.17.1, the screenshots, tasks, and component link API allowed for the enumeration of translations in a project inaccessible to the user. This issue has been patched in version 5.17.1...

CVE-2026-41519

Weblate is a web based localization tool. Prior to version 5.17.1, when a user changes their password, browser sessions are correctly invalidated via "cyclesessionkeys", but DRF API tokens "wlu" prefix stored in "authtokentoken" are not revoked. This issue has been patched in version 5.17.1...

CVE-2026-41654 Weblate is Vulnerable to Authenticated SSRF via Project Backup Import bypassing validate_repo_url

Weblate is a web based localization tool. Prior to version 5.17.1, an authenticated user with project.add permission default on hosted Weblate SaaS and for any user holding an active billing/trial plan can import a crafted project backup ZIP whose components/.json contains an attacker-chosen repo...

Weblate 安全漏洞

Weblate is an open-source, copyleft, web-based free software system for continuous localization. Versions of Weblate prior to 5.17.1 contained a security vulnerability, which was caused by the Markdown renderer used in user comments and other user-generated content not properly cleaning certain...

PT-2026-37127

Name of the Vulnerable Software and Affected Versions Weblate versions prior to 5.17.1 Description When a user changes their password, browser sessions are invalidated using the cycle session keys function, but Django REST Framework DRF API tokens with the wlu prefix stored in authtoken token are...

CVE-2026-34165

go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a...

DEBIAN-CVE-2026-34165

go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a...

CVE-2026-33762

go-git is an extensible git implementation library written in pure Go. Prior to version 5.17.1, go-git’s index decoder for format version 4 fails to validate the path name prefix length before applying it to the previously decoded path name. A maliciously crafted index file can trigger an...

UBUNTU-CVE-2026-33762

go-git is an extensible git implementation library written in pure Go. Prior to version 5.17.1, go-git’s index decoder for format version 4 fails to validate the path name prefix length before applying it to the previously decoded path name. A maliciously crafted index file can trigger an...

CVE-2026-34165

go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the handling of .idx files. An attacker with write access to the local repository's .git directory can exhaust system memory by introducing a maliciously crafted .idx file int...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001690)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001690 advisory. In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/afllc.c. Tenable has extracted the preceding description block directly from the Unity...

EUVD-2022-43974

Malicious code in bioql PyPI...

EUVD-2022-32834

Malicious code in bioql PyPI...

EUVD-2022-32806

Malicious code in bioql PyPI...

CVE-2025-59714

In Internet2 Grouper 5.17.1 before 5.20.5, group admins who are not Grouper sysadmins can configure loader jobs...

Grouper 安全漏洞

Grouper is an Internet2 open source enterprise access management system designed for highly distributed administrative environments and heterogeneous information technology environments common to colleges and universities. A security vulnerability exists in Grouper versions 5.17.1 through prior t...