9 matches found
CVE-2026-44264
Weblate (localization tool) is affected by an XSS in Markdown rendering prior to version 5.17.1, where user-submitted content in comments and other fields did not sanitize some attributes. The root cause is insufficient sanitization in the Markdown renderer. A fix was released in Weblate 5.17.1 (...
CVE-2026-33435
Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead to remote code execution under certain circumstances. This issue has been fixed in version 5.17. If developers are unable to update...
CVE-2026-33435
Weblate: Remote code execution during project backup restoration in versions prior to 5.17 due to backups not filtering Git/Mercurial config files. Fixed in 5.17. Remediation: upgrade to 5.17+ or restrict access to backups (backups are only accessible to users who can create projects).
Weblate 安全漏洞
Weblate is an open-source, copyleft, web-based free software system for continuous localization. A security vulnerability existed in versions of Weblate prior to 5.17. This vulnerability stemmed from a machine translation service URL that could be configured by users with the project.edit...
Zyxel EX3510-B0 操作系统命令注入漏洞
The Zyxel EX3510-B0 is a security routing gateway developed by the Chinese company Zyxel. Versions of the Zyxel EX3510-B0 prior to 5.17ABUP.15.1C0 contain an operating system command injection vulnerability. This vulnerability stems from the UPnP feature’s susceptibility to command injections,...
CVE-2023-28770
The sensitive information exposure vulnerability in the CGI “ExportLog” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17ABYO.1C0 could allow a remote unauthenticated attacker to read the system files and to retrieve the password of the supervisor from the encrypted file...
DEBIAN-CVE-2022-48619
An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service panic because inputsetcapability mishandles the situation in which an event code falls outside of a bitmap...
SUSE CVE-2022-0382
An information leak flaw was found due to uninitialized memory in the Linux kernel's TIPC protocol subsystem, in the way a user sends a TIPC datagram to one or more destinations. This flaw allows a local user to read some kernel memory. This issue is limited to no more than 7 bytes, and the user...
SUSE CVE-2022-0433
A NULL pointer dereference flaw was found in the Linux kernel's BPF subsystem in the way a user triggers the mapgetnextkey function of the BPF bloom filter. This flaw allows a local user to crash the system. This flaw affects Linux kernel versions prior to 5.17-rc1...