215 matches found

Snyk
added 2026/04/24 8:43 p.m. | 3 views

Cross-site Scripting (XSS)

Overview: wlc is a command-line utility for Weblate, a translation tool with tight version control integration. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the HTML output rendering paths in the output formatter. An attacker can inject arbitrary markup or...

5.1 CVSS | 5.3 AI score | 0.00036 EPSS
Exploits 0 | References 2

Github Security Blog
added 2026/04/24 8:43 p.m. | 6 views

wlc: print_html outputs API data without HTML escaping

Impact: The HTML output format in wlc embeds API response data into HTML without escaping, allowing cross-site scripting when the output is rendered in a browser. Patches: https://github.com/WeblateOrg/wlc/pull/1327 Workarounds: The only vulnerable code path is HTML output which is opt-in. Reference...

5.1 CVSS | 4.9 AI score | 0.00036 EPSS
Exploits 0 | References 6 | Affected Software 1

Vulnrichment
added 2026/04/03 10:47 p.m. | 1 views

CVE-2017-20233 Hirschmann HiLCOS Layer-2 Firewall Multicast Broadcast Traffic Bypass

Hirschmann HiLCOS products OpenBAT, BAT450, WLC, BAT867 contain a firewall filtering vulnerability that fails to correctly filter IPv4 multicast and broadcast traffic when management IP address filtering is disabled, allowing configured filter rules to be bypassed. Attackers with network access...

5.4 CVSS | 5.8 AI score | 0.00001 EPSS
Exploits 0 | References 2

NVD
added 2026/04/03 10:16 p.m. | 1 views

CVE-2015-10148

Hirschmann HiLCOS devices OpenBAT, WLC, BAT300, BAT54 prior to 8.80 and OpenBAT prior to 9.10 are shipped with identical default SSH and SSL keys that cannot be changed, allowing unauthenticated remote attackers to decrypt or intercept encrypted management communications. Attackers can perform...

8.8 CVSS | 0.00002 EPSS
Exploits 0 | References 2

Vulnrichment
added 2026/04/03 9:42 p.m. | 1 views

CVE-2015-10148 Hirschmann HiLCOS Hard-coded Credentials SSH SSL Keys

Hirschmann HiLCOS devices OpenBAT, WLC, BAT300, BAT54 prior to 8.80 and OpenBAT prior to 9.10 are shipped with identical default SSH and SSL keys that cannot be changed, allowing unauthenticated remote attackers to decrypt or intercept encrypted management communications. Attackers can perform...

8.8 CVSS | 5.9 AI score | 0.00002 EPSS
Exploits 0 | References 2

Packet Storm
added 2026/02/20 12:0 a.m. | 85 views

wlc SSL Certification Validation Bypass

This proof of concept demonstrates a security issue in wlc versions earlier than 1.17.0, where SSL/TLS certificate validation can be bypassed. By attempting connections to endpoints with invalid certificates such as self‑signed or expired certificates, the proof of concept verifies whether wlc...

5.7 AI score
Exploits 0

OpenVAS
added 2026/01/30 12:0 a.m. | 2 views

Ubuntu: Security Advisory (USN-7981-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5 CVSS | 5.9 AI score | 0.00006 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2026/01/30 12:0 a.m. | 2 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : wlc vulnerabilities (USN-7981-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7981-1 advisory. It was discovered that wlc did not correctly handle SSL verification. An attacker could possibly use this iss...

5.5 CVSS | 6 AI score | 0.00006 EPSS
Exploits 0 | References 3

Ubuntu
added 2026/01/27 6:14 p.m. | 3 views

USN-7981-1: wlc vulnerabilities

It was discovered that wlc did not correctly handle SSL verification. An attacker could possibly use this issue to access sensitive resources. CVE-2026-22250 It was discovered that wlc did not correctly handle API keys. An attacker could possibly use this issue to leak API keys to a malicious...

5.5 CVSS | 5.3 AI score | 0.00006 EPSS
Exploits 0

Cvelist
added 2026/01/16 7:8 p.m. | 19 views

CVE-2026-23535 wlc Path traversal: Unsanitized API slugs in download command

wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.2, the multi-translation download could write to an arbitrary location when instructed by a crafted server. This vulnerability is fixed in 1.17.2...

8 CVSS | 0.00018 EPSS
Exploits 0 | References 4

Github Security Blog
added 2026/01/16 4:58 p.m. | 8 views

Weblate wlc path traversal vulnerability: Unsanitized API slugs in download command

Impact: Multi-translation download could write to an arbitrary location when instructed by a crafted server. Patches: https://github.com/WeblateOrg/wlc/pull/1128 Workarounds: Do not use wlc download with untrusted servers. References: This issue was reported to us by wh1zee via HackerOne...

8 CVSS | 7 AI score | 0.00018 EPSS
Exploits 0 | References 6 | Affected Software 1

Github Security Blog
added 2026/01/12 6:7 p.m. | 7 views

Weblate wlc has insecure API key configuration

Impact: Historically, wlc supported providing unscoped API keys in the setting. This practice was discouraged for years, but the code was never removed. This might cause the API key to be used against a different server. Patches: https://github.com/WeblateOrg/wlc/pull/1098 Workarounds: Remove unscoped...

5.5 CVSS | 7.2 AI score | 0.00006 EPSS
Exploits 0 | References 5 | Affected Software 1

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2019-10357

Malware in sbrugna...

7.4 CVSS | 6.9 AI score | 0.00145 EPSS
Exploits 0 | References 3

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2014-6265

Malware in sbrugna...

2.9 CVSS | 6.4 AI score | 0.00204 EPSS
Exploits 0 | References 4

SUSE Linux
added 2025/04/08 3:35 p.m. | 2 views

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF bsc1237918. CVE-2022-49465: blk-throttle: Set BIOTHROTTLED when bio has been throttled bsc1238919...

8.5 CVSS | 8.1 AI score | 0.9427 EPSS
Exploits 33 | References 2562

CVE
added 2023/09/27 5:25 p.m. | 50 views

CVE-2023-20251

CVE-2023-20251 affects Cisco Wireless LAN Controller (WLC) AireOS Software. The issue is described as a vulnerability in the memory buffer that allows an unauthenticated, adjacent attacker to trigger memory leaks by orchestrating multiple wireless clients to connect to an access point, which can ...

6.1 CVSS | 5.4 AI score | 0.00098 EPSS
Exploits 0 | References 1 | Affected Software 1

CVE
added 2023/03/23 12:0 a.m. | 64 views

CVE-2023-20100

CVE-2023-20100 concerns Cisco IOS XE Software for Wireless LAN Controllers (WLCs) CAPWAP join process. The vulnerability arises from a logic error during AP joining, enabling an unauthenticated, remote attacker to trigger a DoS by causing the affected device to restart. Exploitation involves addi...

6.8 CVSS | 6.7 AI score | 0.00867 EPSS
Exploits 0 | References 1 | Affected Software 1

NVD
added 2022/09/30 7:15 p.m. | 11 views

CVE-2022-20769

A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient error validation. An attacker coul...

7.4 CVSS | 0.00054 EPSS
Exploits 0 | References 1

CVE
added 2022/09/30 6:45 p.m. | 74 views

CVE-2022-20769

Cisco Wireless LAN Controller AireOS Software firmware with FIPS mode enabled is affected by CVE-2022-20769. The issue arises from insufficient error validation in the authentication function, allowing an unauthenticated, adjacent attacker to send crafted packets that crash the WLC and cause a Do...

7.4 CVSS | 6.9 AI score | 0.00054 EPSS
Exploits 0 | References 1 | Affected Software 1

NVD
added 2022/04/15 3:15 p.m. | 12 views

CVE-2022-20695

A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to bypass authentication controls and log in to the device through the management interface. This vulnerability is due to the improper implementation of...

10 CVSS | 0.02653 EPSS
Exploits 0 | References 1