9 matches found
SUSE CVE-2026-34242
Weblate is a web based localization tool. In versions prior to 5.17, the ZIP download feature didn't verify downloaded files, potentially following symlinks outside the repository. This issue has been fixed in version 5.17...
CVE-2026-40256
Weblate is a web based localization tool. In versions prior to 5.17, repository-boundary validation relies on string prefix checks on resolved absolute paths. In multiple code paths, the check uses startswith against the repository root path. This is not path-segment aware and can be bypassed whe...
CVE-2026-33440
Weblate is a web based localization tool. In versions prior to 5.17, the ALLOWEDASSETDOMAINS setting applied only to the first issued requests and didn't restrict possible redirects. This issue has been fixed in version 5.17...
Weblate 安全漏洞
Weblate is an open-source, copyleft, web-based free software system for continuous localization. Versions of Weblate prior to 5.17 contained security vulnerabilities, which stemmed from the Webhook add-on not utilizing existing server-side request forgeing protection...
Weblate 安全漏洞
Weblate is an open-source, copyleft, web-based free software system for continuous localization. A security vulnerability existed in versions of Weblate prior to 5.17, which stemmed from the incorrect limitation of editing ranges in user-managed API endpoints...
Weblate 安全漏洞
Weblate is an open-source, copyleft, web-based free software system for continuous localization. Versions of Weblate prior to 5.17 contained a security vulnerability. This vulnerability stemmed from the ALLOWEDASSETDOMAINS setting, which applied only to initial requests and did not restrict...
CVE-2026-33762
go-git is an extensible git implementation library written in pure Go. Prior to version 5.17.1, go-git’s index decoder for format version 4 fails to validate the path name prefix length before applying it to the previously decoded path name. A maliciously crafted index file can trigger an...
Linux Distros Unpatched Vulnerability : CVE-2022-0433
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A NULL pointer dereference flaw was found in the Linux kernel's BPF subsystem in the way a user triggers the mapgetnextkey function of the BPF bloom filter. Thi...
PT-2024-11803 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.17.0-rc3-syzkaller-00316-gb81b1829e7e3 Description: The vulnerability is related to the crypto: af alg module in the Linux kernel. The issue arises because the alg memory allocated field is not used, but the a...