CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Github Security Blog•added 2026/04/16 8:45 p.m.•10 views

Weblate: SSRF via the webhook add-on using unprotected fetch_url()

Impact The webhook add-on did not utilize existing SSRF protection. Patches https://github.com/WeblateOrg/weblate/pull/18815 Workarounds Disabling the add-on would avoid misusing this. References Thanks to @Lihfdgjr for reporting this via GitHub...

Exploits0References5Affected Software1

OSV•added 2026/04/16 8:45 p.m.•5 views

GHSA-F8HV-G549-HWG2 Weblate: SSRF via the webhook add-on using unprotected fetch_url()

EUVD•added 2026/04/16 8:45 p.m.•5 views

Exploits0References5

EUVD-2026-23018

Weblate: SSRF via the webhook add-on using unprotected fetchurl...

Wordfence Blog•added 2026/04/16 4:45 p.m.•9 views

Exploits0References3

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 6, 2026 to April 12, 2026)

Last week, there were 157 vulnerabilities disclosed in 141 WordPress Plugins and 23 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 79 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilitie...

6AI score

Exploits0

NVD•added 2026/04/15 7:16 p.m.•4 views

CVE-2026-39845

Weblate is a web based localization tool. In versions prior to 5.17, the webhook add-on did not utilize existing SSRF protections. This issue has been fixed in version 5.17. If developers are unable to update immediately, they can disable the webhook add-on as a workaround...

4.1CVSS0.00275EPSS

OSV•added 2026/04/15 7:16 p.m.•8 views

PYSEC-2026-156

PyPA•added 2026/04/15 7:16 p.m.•11 views

PYSEC-2026-156

Exploits0References2Affected Software1

ATTACKERKB•added 2026/04/15 6:26 p.m.•2 views

CVE-2026-39845

Exploits0References3Affected Software1

Vulnrichment•added 2026/04/15 6:26 p.m.•2 views

CVE-2026-39845 Weblate: SSRF via the webhook add-on using unprotected fetch_url()

Cvelist•added 2026/04/15 6:26 p.m.•18 views

CVE-2026-39845 Weblate: SSRF via the webhook add-on using unprotected fetch_url()

4.1CVSS0.00275EPSS

CVE•added 2026/04/15 6:26 p.m.•16 views

CVE-2026-39845

Weblate (web-based localization tool) has a vulnerability in versions prior to 5.17 where the webhook add-on did not apply SSRF protections. The root cause is exposure via the webhook add-on’s fetch_url() path, enabling potential SSRF risks as described in the CVE entry. The issue is fixed in ver...

Exploits0References2Affected Software1

CVE•added 2026/04/15 2:59 p.m.•62 views

CVE-2025-12141

CVE-2025-12141 affects Grafana Alerting: users with edit permissions on a contact point (alert.notifications:write or alert.notifications.receivers:test) granted via the fixed role Contact Point Writer within the Editor role can modify destinations of contact points created by others. An attacker...

6.5CVSS5.8AI score0.00255EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2026/04/15 2:59 p.m.•3 views

CVE-2025-12141 Grafana Alerting Editors can edit destination of webhooks they did not create

In Grafana's alerting system, users with edit permissions for a contact point, specifically the permissions “alert.notifications:write” or “alert.notifications.receivers:test” that are granted as part of the fixed role "Contact Point Writer", which is part of the basic role Editor - can edit...

5.3CVSS5.8AI score0.00255EPSS

Exploits0References1

Cvelist•added 2026/04/15 2:59 p.m.•31 views

CVE-2025-12141 Grafana Alerting Editors can edit destination of webhooks they did not create

5.3CVSS0.00255EPSS

Exploits0References1

Positive Technologies•added 2026/04/15 12:0 a.m.•10 views

PT-2026-33124

CNNVD•added 2026/04/15 12:0 a.m.•10 views

Exploits0References4

Weblate 安全漏洞

Weblate is an open-source, copyleft, web-based free software system for continuous localization. Versions of Weblate prior to 5.17 contained security vulnerabilities, which stemmed from the Webhook add-on not utilizing existing server-side request forgeing protection...