Lucene search
K

50 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux, Linux 5.15

A vulnerability has been identified in the Linux kernel and is classified as problematic. This vulnerability affects the function inet6streamops/inet6dgramops of the IPv6 Handler component. The vulnerability causes a race condition. It is recommended that a patch be applied to address this issue...

6.4CVSS5.4AI score0.00301EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.12 views

Astra Linux – Vulnerability in Linux 5.15

A issue was discovered in ksmbd within the Linux kernel versions 5.15 through 5.18, prior to 5.18.18. fs/ksmbd/smb2pdu.c lacks length validation in the non-padding case of smb2write...

8.1CVSS6.7AI score0.01393EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/10 7:56 p.m.34 views

CVE-2026-50127 Weblate SSRF: outbound URL guard misses the NAT64 well-known prefix (64:ff9b::/96)

Weblate is a web based localization tool. From version 5.15 to before version 2026.6, Weblate's VCSRESTRICTPRIVATE did not properly account for some transitional IPv6 ranges, multicast addresses, or some semi-private IPv4 ranges, which allowed some addresses to bypass private range restrictions...

5.9CVSS0.00291EPSS
Exploits0References3
OSV
OSV
added 2026/05/26 4:41 p.m.9 views

GHSA-HFPV-MC5V-P9MM Weblate has a Server-Side Request Forgery issue

Impact The Create Component functionality in Weblate allows authorized users to add new translation components by specifying both a version control system and a source code repository URL to pull from. However, the repository URL field is not validated or sanitized, allowing an attacker to supply...

5CVSS5.9AI score0.00182EPSS
Exploits0References6
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: octeontx2-pf: Fixed the use of GFPKERNEL in atomic contexts for rt. The commit 4af1b64f80fb “octeontx2-pf: Fixed the lmtst ID used in aurafree” uses get/putcpu to protect the usage of percpu pointers in the -aurafreeptr...

5.5CVSS6.4AI score0.00136EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: ALSA: ac97 – Fixed a possible NULL dereference in sndac97mixer. Smatch error: sound/pci/ac97/ac97codec.c:2354; sndac97mixer error: We previously assumed that ‘rac97’ could be null see line 2072. Removed redundant assignments;...

5.5CVSS5.7AI score0.00194EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.11 views

Astra Linux – Vulnerability in qt4-x11, qtbase-opensource-src

A issue was discovered in Qt before version 5.15.15, in versions 6.x before 6.2.9, and in versions 6.3.x through 6.5.x before 6.5.1. When an SVG file containing an image is rendered, a QTextLayout buffer overflow can occur...

7.5CVSS7.5AI score0.01287EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/30 12:0 a.m.6 views

EUVD-2026-26396

An issue in the fileEntityId parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary files with whitelisted suffixes to arbitrary filesystem locations...

5.6AI score0.00435EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/17 12:55 a.m.22 views

CVE-2025-67715

Weblate is a web based localization tool. In versions prior to 5.15, it was possible to retrieve user notification settings or list all users via API. Version 5.15 fixes the issue...

4.3CVSS6.8AI score0.00235EPSS
Exploits0References1
NVD
NVD
added 2025/12/16 1:15 a.m.5 views

CVE-2025-67715

Weblate is a web based localization tool. In versions prior to 5.15, it was possible to retrieve user notification settings or list all users via API. Version 5.15 fixes the issue...

4.3CVSS0.00235EPSS
Exploits0References2
OSV
OSV
added 2025/12/16 1:15 a.m.7 views

PYSEC-2025-233

Weblate is a web based localization tool. In versions prior to 5.15, it was possible to retrieve user notification settings or list all users via API. Version 5.15 fixes the issue...

4.3CVSS5.8AI score0.00235EPSS
Exploits0References2
PyPA
PyPA
added 2025/12/16 1:15 a.m.12 views

PYSEC-2025-233

Weblate is a web based localization tool. In versions prior to 5.15, it was possible to retrieve user notification settings or list all users via API. Version 5.15 fixes the issue...

4.3CVSS5.8AI score0.00235EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/12/16 1:15 a.m.9 views

PYSEC-2025-232

Weblate is a web based localization tool. In versions prior to 5.15, it was possible to trigger repository updates for many repositories via a crafted webhook payload. Version 5.15 fixes the issue. As a workaround, disabling webhooks completely using ENABLEHOOKS avoids this vulnerability...

5.3CVSS5.8AI score0.00235EPSS
Exploits0References2
OSV
OSV
added 2025/12/16 12:5 a.m.6 views

CVE-2025-67492 Weblate's over‑permissive webhook endpoint enables mass repository updates and component enumeration

Weblate is a web based localization tool. In versions prior to 5.15, it was possible to trigger repository updates for many repositories via a crafted webhook payload. Version 5.15 fixes the issue. As a workaround, disabling webhooks completely using ENABLEHOOKS avoids this vulnerability...

5.3CVSS6.7AI score0.00235EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/16 12:0 a.m.8 views

PT-2025-51349

Name of the Vulnerable Software and Affected Versions Weblate versions prior to 5.15 Description Weblate is a web-based localization tool. Versions prior to 5.15 were susceptible to unauthorized triggering of repository updates through a specially crafted webhook payload. Disabling webhooks using...

5.3CVSS6.5AI score0.00235EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2025/12/15 11:36 p.m.4 views

CVE-2025-66407 Weblate has Server-Side Request Forgery vulnerability

Weblate is a web based localization tool. The Create Component functionality in Weblate allows authorized users to add new translation components by specifying both a version control system and a source code repository URL to pull from. However, prior to version 5.15, the repository URL field is...

5CVSS6.1AI score0.00182EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/15 8:21 p.m.2 views

CVE-2025-64725 Weblate has improper validation upon invitation acceptance

Weblate is a web based localization tool. In versions prior to 5.15, it was possible to accept an invitation opened by a different user. Version 5.15. contains a patch. As a workaround, avoid leaving one's Weblate sessions with an invitation opened unattended...

1CVSS6.4AI score0.00319EPSS
Exploits0References4
CVE
CVE
added 2025/12/15 8:21 p.m.10 views

CVE-2025-64725

CVE-2025-64725 affects Weblate (web-based localization tool). Multiple sources confirm a flaw in the invitation-acceptance flow: an invitation opened by one user could be accepted by another due to improper validation prior to version 5.15. The vulnerability enables unauthorized access to invitat...

9.8CVSS6.4AI score0.00319EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2025/12/15 8:21 p.m.16 views

CVE-2025-64725 Weblate has improper validation upon invitation acceptance

Weblate is a web based localization tool. In versions prior to 5.15, it was possible to accept an invitation opened by a different user. Version 5.15. contains a patch. As a workaround, avoid leaving one's Weblate sessions with an invitation opened unattended...

1CVSS0.00319EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/10 12:0 a.m.5 views

CMSimple 安全漏洞

CMSimple is a free content management system from CMSimple Open Source. A security vulnerability exists in CMSimple version 5.15 that originates from an authenticated user being able to modify file extensions and upload malicious PHP files, which could lead to remote command execution...

8.8CVSS7.1AI score0.00823EPSS
Exploits1References5
Rows per page
Query Builder