Lucene search
K

9 matches found

SUSE CVE
SUSE CVE
added 2026/04/16 11:28 p.m.6 views

SUSE CVE-2026-34242

Weblate is a web based localization tool. In versions prior to 5.17, the ZIP download feature didn't verify downloaded files, potentially following symlinks outside the repository. This issue has been fixed in version 5.17...

7.7CVSS5.7AI score0.00465EPSS
Exploits0References3
NVD
NVD
added 2026/04/15 7:16 p.m.5 views

CVE-2026-40256

Weblate is a web based localization tool. In versions prior to 5.17, repository-boundary validation relies on string prefix checks on resolved absolute paths. In multiple code paths, the check uses startswith against the repository root path. This is not path-segment aware and can be bypassed whe...

5CVSS0.00324EPSS
Exploits0References2
NVD
NVD
added 2026/04/15 7:16 p.m.5 views

CVE-2026-33440

Weblate is a web based localization tool. In versions prior to 5.17, the ALLOWEDASSETDOMAINS setting applied only to the first issued requests and didn't restrict possible redirects. This issue has been fixed in version 5.17...

5CVSS0.0024EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.12 views

Weblate 安全漏洞

Weblate is an open-source, copyleft, web-based free software system for continuous localization. Versions of Weblate prior to 5.17 contained security vulnerabilities, which stemmed from the Webhook add-on not utilizing existing server-side request forgeing protection...

4.1CVSS5.8AI score0.00275EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.9 views

Weblate 安全漏洞

Weblate is an open-source, copyleft, web-based free software system for continuous localization. A security vulnerability existed in versions of Weblate prior to 5.17, which stemmed from the incorrect limitation of editing ranges in user-managed API endpoints...

8.8CVSS5.8AI score0.00391EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.8 views

Weblate 安全漏洞

Weblate is an open-source, copyleft, web-based free software system for continuous localization. Versions of Weblate prior to 5.17 contained a security vulnerability. This vulnerability stemmed from the ALLOWEDASSETDOMAINS setting, which applied only to initial requests and did not restrict...

5CVSS5.8AI score0.0024EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/03/31 1:47 p.m.6 views

CVE-2026-33762

go-git is an extensible git implementation library written in pure Go. Prior to version 5.17.1, go-git’s index decoder for format version 4 fails to validate the path name prefix length before applying it to the previously decoded path name. A maliciously crafted index file can trigger an...

2.8CVSS5.2AI score0.00153EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/12 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2022-0433

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A NULL pointer dereference flaw was found in the Linux kernel's BPF subsystem in the way a user triggers the mapgetnextkey function of the BPF bloom filter. Thi...

5.5CVSS6.4AI score0.00281EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/07/16 12:0 a.m.5 views

PT-2024-11803 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.17.0-rc3-syzkaller-00316-gb81b1829e7e3 Description: The vulnerability is related to the crypto: af alg module in the Linux kernel. The issue arises because the alg memory allocated field is not used, but the a...

5.5CVSS9AI score0.00195EPSS
Exploits0References10
Rows per page
Query Builder