CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

15 matches found

SUSE CVE•added 2026/04/16 11:28 p.m.•2 views

SUSE CVE-2026-34244

Weblate is a web based localization tool. In versions prior to 5.17, a user with the project.edit permission granted by the per-project "Administration" role can configure machine translation service URLs pointing to arbitrary internal network addresses. During configuration validation, Weblate...

5CVSS5.8AI score0.0024EPSS

Exploits0References3

Github Security Blog•added 2026/04/16 8:43 p.m.•6 views

Weblate: SSRF via Project-Level Machinery Configuration

Impact A user with the project.edit permission granted by the per-project "Administration" role can configure machine translation service URLs pointing to arbitrary internal network addresses. During configuration validation, Weblate makes an HTTP request to the attacker-controlled URL and reflec...

5CVSS5.8AI score0.0024EPSS

Exploits0References5Affected Software1

EUVD•added 2026/04/16 8:43 p.m.•3 views

EUVD-2026-23004

Weblate: SSRF via Project-Level Machinery Configuration...

5CVSS5.8AI score0.0024EPSS

Exploits0References4

Vulnrichment•added 2026/04/15 6:22 p.m.•0 views

CVE-2026-34244 Weblate: SSRF via Project-Level Machinery Configuration

5CVSS5.8AI score0.0024EPSS

Exploits0References2

Cvelist•added 2026/04/15 6:22 p.m.•21 views

CVE-2026-34244 Weblate: SSRF via Project-Level Machinery Configuration

5CVSS0.0024EPSS

Exploits0References2

ATTACKERKB•added 2026/04/15 6:22 p.m.•3 views

CVE-2026-34244

5CVSS5.8AI score0.0024EPSS

Exploits0References3Affected Software1

CVE•added 2026/04/15 6:22 p.m.•8 views

CVE-2026-34244

Weblate (pre-5.17) is vulnerable to an SSRF in project-level machinery configuration. A user with project.edit permission can configure machine translation service URLs pointing to internal addresses; during validation, Weblate makes an HTTP request to the attacker-controlled URL and may reflect ...

5CVSS5.8AI score0.0024EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2026/04/15 12:0 a.m.•3 views

PT-2026-33121

5CVSS5.8AI score0.0024EPSS

Exploits0References4

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2021-0247

Malware in sbrugna...

7.8CVSS7.5AI score0.02415EPSS

Exploits0References6

OSV•added 2021/12/08 11:15 p.m.•16 views

CVE-2021-43811

Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An...

7.8CVSS7.7AI score

Exploits0References3

NVD•added 2021/12/08 11:15 p.m.•14 views

CVE-2021-43811

7.8CVSS0.02415EPSS

Exploits0References3

PyPA•added 2021/12/08 11:15 p.m.•9 views

PYSEC-2021-848

7.8CVSS7.8AI score0.02415EPSS

Exploits0References3Affected Software1

Prion•added 2021/12/08 11:15 p.m.•16 views

Code injection

6.8CVSS7.7AI score0.02415EPSS

Exploits0References3Affected Software1

OSV•added 2021/12/08 11:15 p.m.•15 views

PYSEC-2021-848

7.8CVSS4.5AI score0.02415EPSS

Exploits0References3

CVE•added 2021/12/08 11:5 p.m.•71 views

CVE-2021-43811

Sockeye (PyTorch-based) vulnerable to code execution via unsafe YAML loading in model/data config files when using versions below 2.3.24; an attacker can inject malicious config, which executes locally when a user runs the model. The issue is fixed in 2.3.24. Practical impact is limited to users ...

7.8CVSS7.7AI score0.02415EPSS

Exploits0References3Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by