CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3449 matches found

SUSE CVE•added 2026/04/16 11:28 p.m.•2 views

SUSE CVE-2026-39845

Weblate is a web based localization tool. In versions prior to 5.17, the webhook add-on did not utilize existing SSRF protections. This issue has been fixed in version 5.17. If developers are unable to update immediately, they can disable the webhook add-on as a workaround...

4.1CVSS5.7AI score0.0001EPSS

Exploits0References3

OSV•added 2026/04/16 9:36 p.m.•3 views

GHSA-F9G8-6PPC-PQQ4 Kyverno: ServiceAccount token leaked to external servers via apiCall service URL

Summary Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has no validation — it can point anywhere, including attacker-controlled servers. Since the admission controller SA has permissions ...

8.1CVSS5.8AI score0.0001EPSS

Exploits1References6

Github Security Blog•added 2026/04/16 9:36 p.m.•4 views

Kyverno: ServiceAccount token leaked to external servers via apiCall service URL

9.1CVSS5.8AI score0.0001EPSS

Exploits1References6Affected Software1

Github Security Blog•added 2026/04/16 8:45 p.m.•4 views

Weblate: SSRF via the webhook add-on using unprotected fetch_url()

Impact The webhook add-on did not utilize existing SSRF protection. Patches https://github.com/WeblateOrg/weblate/pull/18815 Workarounds Disabling the add-on would avoid misusing this. References Thanks to @Lihfdgjr for reporting this via GitHub...

4.1CVSS5.8AI score0.0001EPSS

Exploits0References5Affected Software1

OSV•added 2026/04/16 8:45 p.m.•1 views

GHSA-F8HV-G549-HWG2 Weblate: SSRF via the webhook add-on using unprotected fetch_url()

4.1CVSS5.8AI score0.0001EPSS

Exploits0References5

EUVD•added 2026/04/16 8:45 p.m.•3 views

EUVD-2026-23018

Weblate: SSRF via the webhook add-on using unprotected fetchurl...

4.1CVSS5.8AI score0.0001EPSS

Exploits0References3

Snyk•added 2026/04/16 8:45 p.m.•2 views

Server-side Request Forgery (SSRF)

Overview weblate is an A web-based continuous localization system with tight version control integration Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetchurl function in the webhook add-on. An attacker can access internal resources by supplying...

5.9CVSS5.7AI score0.0001EPSS

Exploits0References2

Wordfence Blog•added 2026/04/16 4:45 p.m.•5 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 6, 2026 to April 12, 2026)

Last week, there were 157 vulnerabilities disclosed in 141 WordPress Plugins and 23 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 79 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilitie...

6AI score

Exploits0

PyPA•added 2026/04/15 7:16 p.m.•9 views

PYSEC-2026-156

4.1CVSS5.7AI score0.0001EPSS

Exploits0References2Affected Software1

OSV•added 2026/04/15 7:16 p.m.•5 views

PYSEC-2026-156

4.1CVSS5.7AI score0.0001EPSS

Exploits0References2

NVD•added 2026/04/15 7:16 p.m.•0 views

CVE-2026-39845

4.1CVSS0.0001EPSS

Exploits0References2

CVE•added 2026/04/15 6:26 p.m.•5 views

CVE-2026-39845

Weblate (web-based localization tool) has a vulnerability in versions prior to 5.17 where the webhook add-on did not apply SSRF protections. The root cause is exposure via the webhook add-on’s fetch_url() path, enabling potential SSRF risks as described in the CVE entry. The issue is fixed in ver...

4.1CVSS5.7AI score0.0001EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/04/15 6:26 p.m.•1 views

CVE-2026-39845 Weblate: SSRF via the webhook add-on using unprotected fetch_url()

4.1CVSS5.7AI score0.0001EPSS

Exploits0References2

ATTACKERKB•added 2026/04/15 6:26 p.m.•0 views

CVE-2026-39845

4.1CVSS5.7AI score0.0001EPSS

Exploits0References3Affected Software1

Cvelist•added 2026/04/15 6:26 p.m.•16 views

CVE-2026-39845 Weblate: SSRF via the webhook add-on using unprotected fetch_url()

4.1CVSS0.0001EPSS

Exploits0References2

Cvelist•added 2026/04/15 2:59 p.m.•27 views

CVE-2025-12141 Grafana Alerting Editors can edit destination of webhooks they did not create

In Grafana's alerting system, users with edit permissions for a contact point, specifically the permissions “alert.notifications:write” or “alert.notifications.receivers:test” that are granted as part of the fixed role "Contact Point Writer", which is part of the basic role Editor - can edit...

5.3CVSS0.00066EPSS

Exploits0References1

Vulnrichment•added 2026/04/15 2:59 p.m.•0 views

CVE-2025-12141 Grafana Alerting Editors can edit destination of webhooks they did not create

5.3CVSS5.8AI score0.00066EPSS

Exploits0References1

CVE•added 2026/04/15 2:59 p.m.•56 views

CVE-2025-12141

CVE-2025-12141 affects Grafana Alerting: users with edit permissions on a contact point (alert.notifications:write or alert.notifications.receivers:test) granted via the fixed role Contact Point Writer within the Editor role can modify destinations of contact points created by others. An attacker...

6.5CVSS5.8AI score0.00066EPSS

Exploits0References1Affected Software1

CNNVD•added 2026/04/15 12:0 a.m.•6 views

Weblate 安全漏洞

Weblate is an open-source, copyleft, web-based free software system for continuous localization. Versions of Weblate prior to 5.17 contained security vulnerabilities, which stemmed from the Webhook add-on not utilizing existing server-side request forgeing protection...

4.1CVSS5.8AI score0.0001EPSS

Exploits0References1

Positive Technologies•added 2026/04/15 12:0 a.m.•2 views

PT-2026-33124

4.1CVSS5.7AI score0.0001EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by