3 matches found
Server-side Request Forgery (SSRF)
Overview weblate is an A web-based continuous localization system with tight version control integration Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetchurl function in the webhook add-on. An attacker can access internal resources by supplying...
CVE-2026-39845
Weblate (web-based localization tool) has a vulnerability in versions prior to 5.17 where the webhook add-on did not apply SSRF protections. The root cause is exposure via the webhook add-on’s fetch_url() path, enabling potential SSRF risks as described in the CVE entry. The issue is fixed in ver...
PHP-Nuke Gallery Add-on modules.php include Parameter Traversal Arbitrary File Access
The remote PHP-Nuke service has a version of the 'Gallery' Add-on that allow attackers to read arbitrary files on this host. Every file that the web server has access to can be read by anyone. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...