Lucene search
+L

5 matches found

vulnrichment
vulnrichment
added 2026/02/26 9:56 p.m.5 views

CVE-2026-27457 Weblate: Missing access control for the AddonViewSet API exposes all addon configurations

Weblate is a web based localization tool. Prior to version 5.16.1, the REST API's AddonViewSet weblate/api/views.py, line 2831 uses queryset = Addon.objects.all without overriding getqueryset to scope results by user permissions. This allows any authenticated user or anonymous users if REQUIRELOG...

4.3CVSS5.9AI score0.00303EPSS
Exploits0References6
cvelist
cvelist
added 2026/02/26 9:56 p.m.24 views

CVE-2026-27457 Weblate: Missing access control for the AddonViewSet API exposes all addon configurations

Weblate is a web based localization tool. Prior to version 5.16.1, the REST API's AddonViewSet weblate/api/views.py, line 2831 uses queryset = Addon.objects.all without overriding getqueryset to scope results by user permissions. This allows any authenticated user or anonymous users if REQUIRELOG...

4.3CVSS0.00303EPSS
Exploits0References6
osv
osv
added 2026/02/26 9:56 p.m.7 views

CVE-2026-27457 Weblate: Missing access control for the AddonViewSet API exposes all addon configurations

Weblate is a web based localization tool. Prior to version 5.16.1, the REST API's AddonViewSet weblate/api/views.py, line 2831 uses queryset = Addon.objects.all without overriding getqueryset to scope results by user permissions. This allows any authenticated user or anonymous users if REQUIRELOG...

4.3CVSS5.9AI score0.00303EPSS
Exploits0References8
snyk
snyk
added 2026/02/26 7:45 p.m.4 views

Missing Authorization

Overview weblate is an A web-based continuous localization system with tight version control integration Affected versions of this package are vulnerable to Missing Authorization in the AddonViewSet API, which allows unauthorized users to access add-on configuration data. An attacker can obtain...

5.3CVSS5.9AI score0.00303EPSS
Exploits0References2
github
github
added 2026/02/26 7:45 p.m.8 views

Weblate: Missing access control for the AddonViewSet API exposes all addon configurations

Impact Users were able to obtain add-on configuration via API. Patches https://github.com/WeblateOrg/weblate/pull/18107 https://github.com/WeblateOrg/weblate/pull/18164 References Weblate thanks @lighthousekeeper1212 for responsible disclosure...

4.3CVSS5.3AI score0.00303EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder