CVE-2025-58352 Weblate has long session expiry times during second factor verification

Weblate is a web based localization tool. Versions lower than 5.13.1 contain a vulnerability that causes long session expiry during the second factor verification. The long session expiry could be used to circumvent rate limiting of the second factor. This issue is fixed in version 5.13.1...

CVE-2025-58352

CVE-2025-58352 (Weblate) affects Weblate versions lower than 5.13.1, where sessions can persist for an unusually long period during second-factor (2FA) verification. The root issue is insufficient session expiration, enabling an attacker to maintain a valid session and potentially bypass rate lim...

CVE-2025-47951

Weblate is a web based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. This issue has been patched in...

CVE-2025-47951 Weblate lacks rate limiting when verifying second factor

Weblate is a web based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. This issue has been patched in...

Weblate lacks rate limiting when verifying second factor

Impact The verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. Patches This issue has been addressed in Weblate 5.12 via...

CVE-2024-9999

In WSFTP Server versions before 8.8.9 2022.0.9, an Incorrect Implementation of Authentication Algorithm in the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only...

CVE-2024-9999

In WSFTP Server versions before 8.8.9 2022.0.9, an Incorrect Implementation of Authentication Algorithm in the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only...

CVE-2024-9999

CVE-2024-9999 affects Progress WS_FTP Server prior to version 8.8.9 (2022.0.9). The root cause is an incorrect implementation of the authentication algorithm in the Web Transfer Module, allowing bypass of the second-factor verification and login with username and password only. Impact described i...

CVE-2024-9999 Multi-Factor Authentication Bypass in Progress WS_FTP Server

In WSFTP Server versions before 8.8.9 2022.0.9, an Incorrect Implementation of Authentication Algorithm in the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only...

CVE-2024-7745 Multi-Factor Authentication Bypass in Progress WS_FTP Server

In WSFTP Server versions before 8.8.8 2022.0.8, a Missing Critical Step in Multi-Factor Authentication of the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only...