Lucene search
K

17 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.12 views

CVE-2026-44263

Weblate is a web based localization tool. Prior to version 5.17.1, the screenshots, tasks, and component link API allowed for the enumeration of translations in a project inaccessible to the user. This issue has been patched in version 5.17.1...

4.3CVSS5.3AI score0.00288EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.9 views

CVE-2026-44264

Weblate is a web based localization tool. Prior to version 5.17.1, the Markdown renderer used in user comments and other user-provided content didn't properly sanitize some attributes. This issue has been patched in version 5.17.1...

4.3CVSS5.3AI score0.00275EPSS
Exploits0References1
NVD
NVD
added 2026/05/07 3:16 p.m.48 views

CVE-2026-44263

Weblate is a web based localization tool. Prior to version 5.17.1, the screenshots, tasks, and component link API allowed for the enumeration of translations in a project inaccessible to the user. This issue has been patched in version 5.17.1...

4.3CVSS0.00288EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/07 1:43 p.m.8 views

CVE-2026-44264

Weblate is a web based localization tool. Prior to version 5.17.1, the Markdown renderer used in user comments and other user-provided content didn't properly sanitize some attributes. This issue has been patched in version 5.17.1...

4.3CVSS5.7AI score0.00275EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/07 1:43 p.m.9 views

CVE-2026-44264 Weblate is vulnerable to XSS via crafted Markdown

Weblate is a web based localization tool. Prior to version 5.17.1, the Markdown renderer used in user comments and other user-provided content didn't properly sanitize some attributes. This issue has been patched in version 5.17.1...

4.3CVSS5.7AI score0.00275EPSS
Exploits0References4
OSV
OSV
added 2026/05/07 1:43 p.m.4 views

CVE-2026-44264 Weblate is vulnerable to XSS via crafted Markdown

Weblate is a web based localization tool. Prior to version 5.17.1, the Markdown renderer used in user comments and other user-provided content didn't properly sanitize some attributes. This issue has been patched in version 5.17.1...

4.3CVSS5.9AI score0.00275EPSS
Exploits0References6
OSV
OSV
added 2026/05/07 1:42 p.m.2 views

CVE-2026-44263 Weblate: Private Translation Enumeration via Screenshot API

Weblate is a web based localization tool. Prior to version 5.17.1, the screenshots, tasks, and component link API allowed for the enumeration of translations in a project inaccessible to the user. This issue has been patched in version 5.17.1...

4.3CVSS5.9AI score0.00288EPSS
Exploits0References6
CVE
CVE
added 2026/05/07 1:42 p.m.27 views

CVE-2026-44263

Weblate before 5.17.1 exposed private translations via the Screenshot API, Task, and component link APIs, enabling enumeration of translations in projects not accessible to the user. Root cause: these API surfaces allowed access to translation metadata, leaking otherwise inaccessible content. Imp...

4.3CVSS5.7AI score0.00288EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/05/07 1:42 p.m.74 views

CVE-2026-44263 Weblate: Private Translation Enumeration via Screenshot API

Weblate is a web based localization tool. Prior to version 5.17.1, the screenshots, tasks, and component link API allowed for the enumeration of translations in a project inaccessible to the user. This issue has been patched in version 5.17.1...

4.3CVSS0.00288EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/30 5:28 p.m.15 views

Insufficient Session Expiration

Overview weblate is an A web-based continuous localization system with tight version control integration Affected versions of this package are vulnerable to Insufficient Session Expiration through the SetPasswordForm and resetpassword/resetapikey account handlers in the accounts component. An...

6.3CVSS5.7AI score0.00228EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/03 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-34165

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which...

5CVSS7.1AI score0.00147EPSS
Exploits0References4
OSV
OSV
added 2026/03/31 3:16 p.m.2 views

DEBIAN-CVE-2026-33762

go-git is an extensible git implementation library written in pure Go. Prior to version 5.17.1, go-git’s index decoder for format version 4 fails to validate the path name prefix length before applying it to the previously decoded path name. A maliciously crafted index file can trigger an...

2.8CVSS5.2AI score0.00153EPSS
Exploits0References1
OSV
OSV
added 2026/03/31 3:16 p.m.6 views

UBUNTU-CVE-2026-34165

go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a...

5CVSS5.7AI score0.00147EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/31 1:47 p.m.17 views

EUVD-2026-17443

go-git is an extensible git implementation library written in pure Go. Prior to version 5.17.1, go-git’s index decoder for format version 4 fails to validate the path name prefix length before applying it to the previously decoded path name. A maliciously crafted index file can trigger an...

2.8CVSS5.7AI score0.00153EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/30 5:5 p.m.10 views

go-git missing validation decoding Index v4 files leads to panic

Impact go-git’s index decoder for format version 4 fails to validate the path name prefix length before applying it to the previously decoded path name. A maliciously crafted index file can trigger an out-of-bounds slice operation, resulting in a runtime panic during normal index parsing. This...

2.8CVSS5.9AI score0.00153EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/30 5:5 p.m.3 views

GHSA-GM2X-2G9H-CCM8 go-git missing validation decoding Index v4 files leads to panic

Impact go-git’s index decoder for format version 4 fails to validate the path name prefix length before applying it to the previously decoded path name. A maliciously crafted index file can trigger an out-of-bounds slice operation, resulting in a runtime panic during normal index parsing. This...

2.8CVSS5.9AI score0.00153EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/09/08 12:0 a.m.12 views

PT-2022-7673 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.17.1 Description: The vulnerability is related to a "scheduling while atomic" bug in the Linux kernel, specifically in the ice driver. This bug occurs when the function to unplug aux devices is called twice,...

8.4CVSS6.6AI score0.08555EPSS
Exploits2References1345
Rows per page
Query Builder