Lucene search
K

9 matches found

CVE
CVE
added 2026/05/07 1:43 p.m.22 views

CVE-2026-44264

Weblate (localization tool) is affected by an XSS in Markdown rendering prior to version 5.17.1, where user-submitted content in comments and other fields did not sanitize some attributes. The root cause is insufficient sanitization in the Markdown renderer. A fix was released in Weblate 5.17.1 (...

4.3CVSS5.7AI score0.00275EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/15 6:13 p.m.2 views

CVE-2026-33435

Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead to remote code execution under certain circumstances. This issue has been fixed in version 5.17. If developers are unable to update...

8CVSS6.4AI score0.00708EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/04/15 6:13 p.m.14 views

CVE-2026-33435

Weblate: Remote code execution during project backup restoration in versions prior to 5.17 due to backups not filtering Git/Mercurial config files. Fixed in 5.17. Remediation: upgrade to 5.17+ or restrict access to backups (backups are only accessible to users who can create projects).

8CVSS6.4AI score0.00708EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.10 views

Weblate 安全漏洞

Weblate is an open-source, copyleft, web-based free software system for continuous localization. A security vulnerability existed in versions of Weblate prior to 5.17. This vulnerability stemmed from a machine translation service URL that could be configured by users with the project.edit...

5CVSS5.8AI score0.0024EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.11 views

Zyxel EX3510-B0 操作系统命令注入漏洞

The Zyxel EX3510-B0 is a security routing gateway developed by the Chinese company Zyxel. Versions of the Zyxel EX3510-B0 prior to 5.17ABUP.15.1C0 contain an operating system command injection vulnerability. This vulnerability stems from the UPnP feature’s susceptibility to command injections,...

9.8CVSS7.6AI score0.0106EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:2 a.m.4 views

CVE-2023-28770

The sensitive information exposure vulnerability in the CGI “ExportLog” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17ABYO.1C0 could allow a remote unauthenticated attacker to read the system files and to retrieve the password of the supervisor from the encrypted file...

7.5CVSS6.7AI score0.57778EPSS
Exploits2References1
OSV
OSV
added 2024/01/12 3:15 a.m.3 views

DEBIAN-CVE-2022-48619

An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service panic because inputsetcapability mishandles the situation in which an event code falls outside of a bitmap...

5.5CVSS6.5AI score0.00213EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 3:35 a.m.11 views

SUSE CVE-2022-0382

An information leak flaw was found due to uninitialized memory in the Linux kernel's TIPC protocol subsystem, in the way a user sends a TIPC datagram to one or more destinations. This flaw allows a local user to read some kernel memory. This issue is limited to no more than 7 bytes, and the user...

5.5CVSS7.1AI score0.00385EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:35 a.m.4 views

SUSE CVE-2022-0433

A NULL pointer dereference flaw was found in the Linux kernel's BPF subsystem in the way a user triggers the mapgetnextkey function of the BPF bloom filter. This flaw allows a local user to crash the system. This flaw affects Linux kernel versions prior to 5.17-rc1...

5.5CVSS7.5AI score0.00287EPSS
Exploits0References3
Rows per page
Query Builder