17 matches found
CVE-2026-44263
Weblate is a web based localization tool. Prior to version 5.17.1, the screenshots, tasks, and component link API allowed for the enumeration of translations in a project inaccessible to the user. This issue has been patched in version 5.17.1...
CVE-2026-44264
Weblate is a web based localization tool. Prior to version 5.17.1, the Markdown renderer used in user comments and other user-provided content didn't properly sanitize some attributes. This issue has been patched in version 5.17.1...
CVE-2026-44263
Weblate is a web based localization tool. Prior to version 5.17.1, the screenshots, tasks, and component link API allowed for the enumeration of translations in a project inaccessible to the user. This issue has been patched in version 5.17.1...
CVE-2026-44264
Weblate is a web based localization tool. Prior to version 5.17.1, the Markdown renderer used in user comments and other user-provided content didn't properly sanitize some attributes. This issue has been patched in version 5.17.1...
CVE-2026-44264 Weblate is vulnerable to XSS via crafted Markdown
Weblate is a web based localization tool. Prior to version 5.17.1, the Markdown renderer used in user comments and other user-provided content didn't properly sanitize some attributes. This issue has been patched in version 5.17.1...
CVE-2026-44264 Weblate is vulnerable to XSS via crafted Markdown
Weblate is a web based localization tool. Prior to version 5.17.1, the Markdown renderer used in user comments and other user-provided content didn't properly sanitize some attributes. This issue has been patched in version 5.17.1...
CVE-2026-44263 Weblate: Private Translation Enumeration via Screenshot API
Weblate is a web based localization tool. Prior to version 5.17.1, the screenshots, tasks, and component link API allowed for the enumeration of translations in a project inaccessible to the user. This issue has been patched in version 5.17.1...
CVE-2026-44263
Weblate before 5.17.1 exposed private translations via the Screenshot API, Task, and component link APIs, enabling enumeration of translations in projects not accessible to the user. Root cause: these API surfaces allowed access to translation metadata, leaking otherwise inaccessible content. Imp...
CVE-2026-44263 Weblate: Private Translation Enumeration via Screenshot API
Weblate is a web based localization tool. Prior to version 5.17.1, the screenshots, tasks, and component link API allowed for the enumeration of translations in a project inaccessible to the user. This issue has been patched in version 5.17.1...
Insufficient Session Expiration
Overview weblate is an A web-based continuous localization system with tight version control integration Affected versions of this package are vulnerable to Insufficient Session Expiration through the SetPasswordForm and resetpassword/resetapikey account handlers in the accounts component. An...
Linux Distros Unpatched Vulnerability : CVE-2026-34165
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which...
DEBIAN-CVE-2026-33762
go-git is an extensible git implementation library written in pure Go. Prior to version 5.17.1, go-git’s index decoder for format version 4 fails to validate the path name prefix length before applying it to the previously decoded path name. A maliciously crafted index file can trigger an...
UBUNTU-CVE-2026-34165
go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a...
EUVD-2026-17443
go-git is an extensible git implementation library written in pure Go. Prior to version 5.17.1, go-git’s index decoder for format version 4 fails to validate the path name prefix length before applying it to the previously decoded path name. A maliciously crafted index file can trigger an...
go-git missing validation decoding Index v4 files leads to panic
Impact go-git’s index decoder for format version 4 fails to validate the path name prefix length before applying it to the previously decoded path name. A maliciously crafted index file can trigger an out-of-bounds slice operation, resulting in a runtime panic during normal index parsing. This...
GHSA-GM2X-2G9H-CCM8 go-git missing validation decoding Index v4 files leads to panic
Impact go-git’s index decoder for format version 4 fails to validate the path name prefix length before applying it to the previously decoded path name. A maliciously crafted index file can trigger an out-of-bounds slice operation, resulting in a runtime panic during normal index parsing. This...
PT-2022-7673 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.17.1 Description: The vulnerability is related to a "scheduling while atomic" bug in the Linux kernel, specifically in the ice driver. This bug occurs when the function to unplug aux devices is called twice,...