11 matches found
CVE-2025-69162
Unauthenticated Local File Inclusion in Grecko = 5.17 versions...
CVE-2026-33212
Weblate is a web based localization tool. In versions prior to 5.17, the tasks API didn't verify user access for pending tasks. This could expose logs of in-progress operations to users who don't have access to given scope. The attacker needs to brute-force the random UUID of the task, so...
SUSE CVE-2026-34244
Weblate is a web based localization tool. In versions prior to 5.17, a user with the project.edit permission granted by the per-project "Administration" role can configure machine translation service URLs pointing to arbitrary internal network addresses. During configuration validation, Weblate...
Incorrect Authorization
Overview weblate is an A web-based continuous localization system with tight version control integration Affected versions of this package are vulnerable to Incorrect Authorization in the user API endpoint due to insufficient restriction on the scope of edits. An attacker can gain elevated...
Server-side Request Forgery (SSRF)
Overview weblate is an A web-based continuous localization system with tight version control integration Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the project.edit permission. A user can access internal network resources and obtain up to 200 character...
Weblate 安全漏洞
Weblate is an open-source, copyleft, web-based free software system for continuous localization. Versions of Weblate prior to 5.17 contained security vulnerabilities. These vulnerabilities stemmed from the task API not verifying user access permissions, which could allow unauthorized users to...
CVE-2025-13942
A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17ABUP.15.1C0 could allow a remote attacker to execute operating system OS commands on an affected device by sending specially crafted UPnP SOAP requests...
WordPress Ninja Tables plugin < 5.0.17 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by tnt24 in WordPress Plugin Ninja Tables versions 5.0.17...
Denial of Service (DoS)
Overview Microsoft.AspNetCore.App.Runtime.linux-musl-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service DoS via excess memory...
UBUNTU-CVE-2022-0433
A NULL pointer dereference flaw was found in the Linux kernel's BPF subsystem in the way a user triggers the mapgetnextkey function of the BPF bloom filter. This flaw allows a local user to crash the system. This flaw affects Linux kernel versions prior to 5.17-rc1...
The vulnerability of the Gentoo Linux operating system, which allows a malicious intruder to compromise the accessibility of protected information
The vulnerability of the file package in the Gentoo Linux operating system up to version 5.17 can lead to the compromise of protected information. This vulnerability can be exploited remotely...