Lucene search
+L

4 matches found

osv
osv
added 2025/12/16 12:5 a.m.6 views

CVE-2025-67492 Weblate's over‑permissive webhook endpoint enables mass repository updates and component enumeration

Weblate is a web based localization tool. In versions prior to 5.15, it was possible to trigger repository updates for many repositories via a crafted webhook payload. Version 5.15 fixes the issue. As a workaround, disabling webhooks completely using ENABLEHOOKS avoids this vulnerability...

5.3CVSS6.7AI score0.00239EPSS
Exploits0References4
cvelist
cvelist
added 2025/12/16 12:5 a.m.32 views

CVE-2025-67492 Weblate's over‑permissive webhook endpoint enables mass repository updates and component enumeration

Weblate is a web based localization tool. In versions prior to 5.15, it was possible to trigger repository updates for many repositories via a crafted webhook payload. Version 5.15 fixes the issue. As a workaround, disabling webhooks completely using ENABLEHOOKS avoids this vulnerability...

5.3CVSS0.00239EPSS
Exploits0References2
cve
cve
added 2025/12/16 12:5 a.m.24 views

CVE-2025-67492

CVE-2025-67492 affects Weblate prior to version 5.15, where a crafted webhook payload could trigger mass repository updates and component enumeration through an overly permissive webhook endpoint. The root cause is the webhook handling allowing unauthorized triggering across multiple repositories...

5.3CVSS6.3AI score0.00239EPSS
Exploits0References2Affected Software1
github
github
added 2025/12/15 10:1 p.m.11 views

Weblate's over‑permissive webhook endpoint enables mass repository updates and component enumeration

Impact It was possible to trigger repository updates for many repositories via a crafted webhook payload. Patches https://github.com/WeblateOrg/weblate/pull/17221 Workarounds Disabling webhooks completely using ENABLEHOOKS avoids this vulnerability. References Thanks to Hector Ruiz Ruiz & NaxusAI...

5.3CVSS6.8AI score0.00239EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder