CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

183 matches found

RedhatCVE•added 2025/09/07 12:45 a.m.•5 views

CVE-2025-58352

Weblate is a web based localization tool. Versions lower than 5.13.1 contain a vulnerability that causes long session expiry during the second factor verification. The long session expiry could be used to circumvent rate limiting of the second factor. This issue is fixed in version 5.13.1...

6.5CVSS6.8AI score0.00064EPSS

Exploits0References1

SUSE CVE•added 2025/09/05 11:22 p.m.•2 views

SUSE CVE-2025-58352

6.5CVSS6.8AI score0.00064EPSS

Exploits0References3

NVD•added 2025/09/05 12:15 a.m.•2 views

CVE-2025-58352

6.5CVSS0.00064EPSS

Exploits0References3

OSV•added 2025/09/04 11:28 p.m.•6 views

CVE-2025-58352 Weblate has long session expiry times during second factor verification

2.1CVSS6.5AI score0.00064EPSS

Exploits0References5

Cvelist•added 2025/09/04 11:28 p.m.•8 views

CVE-2025-58352 Weblate has long session expiry times during second factor verification

2.1CVSS0.00064EPSS

Exploits0References3

CVE•added 2025/09/04 11:28 p.m.•16 views

CVE-2025-58352

CVE-2025-58352 (Weblate) affects Weblate versions lower than 5.13.1, where sessions can persist for an unusually long period during second-factor (2FA) verification. The root issue is insufficient session expiration, enabling an attacker to maintain a valid session and potentially bypass rate lim...

6.5CVSS6.3AI score0.00064EPSS

Exploits0References3Affected Software1

Github Security Blog•added 2025/09/04 2:6 p.m.•5 views

Weblate has a long session expiry when verifying second factor

Impact The verification of the second factor had too long a session expiry. The long session expiry could be used to circumvent rate limiting of the second factor. Patches This issue has been addressed in Weblate 5.13.1 via https://github.com/WeblateOrg/weblate/pull/16002. References Thanks to...

6.5CVSS6.8AI score0.00064EPSS

Exploits0References5Affected Software1

OSV•added 2025/09/04 2:6 p.m.•2 views

GHSA-377J-WJ38-4728 Weblate has a long session expiry when verifying second factor

2.1CVSS6.8AI score0.00064EPSS

Exploits0References5

Positive Technologies•added 2025/09/04 12:0 a.m.•5 views

PT-2025-36103

Name of the Vulnerable Software and Affected Versions: Weblate versions prior to 5.13.1 Description: Weblate is a web-based localization tool. Versions prior to 5.13.1 are susceptible to a second factor authentication bypass due to a long session expiry during the second factor verification...

2.1CVSS6.5AI score0.00064EPSS

Exploits0References7

OSV•added 2025/07/02 5:37 p.m.•3 views

DRUPAL-CONTRIB-2025-085

This module enables you to allow and/or require a second authentication method in addition to password authentication. The module does not sufficiently ensure that users with enhanced privileges are prevented from viewing recovery codes of other users. This vulnerability is mitigated by the fact...

6.5CVSS7.1AI score0.0021EPSS

Exploits0References1

RedhatCVE•added 2025/06/26 8:19 a.m.•6 views

CVE-2025-3091

An low privileged remote attacker in possession of the second factor for another user can login as that user without knowledge of the other users password...

7.5CVSS7.3AI score0.00431EPSS

Exploits0References1

NVD•added 2025/06/24 9:15 a.m.•3 views

CVE-2025-3091

An low privileged remote attacker in possession of the second factor for another user can login as that user without knowledge of the other users password...

7.5CVSS0.00431EPSS

Exploits0References2

RedhatCVE•added 2025/06/18 9:2 p.m.•4 views

CVE-2025-47951

Weblate is a web based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. This issue has been patched in...

4.9CVSS5AI score0.00201EPSS

Exploits0References1

Snyk•added 2025/06/16 10:2 p.m.•2 views

Brute Force

Overview Affected versions of this package are vulnerable to Brute Force via the second factor verification process. An attacker can bypass authentication controls by automating OTP guessing attempts. Remediation Upgrade Weblate to version 5.12.1 or higher. References - GitHub Commit - GitHub PR ...

4.9CVSS7.2AI score0.00201EPSS

Exploits0References2

NVD•added 2025/06/16 9:15 p.m.•4 views

CVE-2025-47951

4.9CVSS0.00201EPSS

Exploits0References5

OSV•added 2025/06/16 8:57 p.m.•3 views

CVE-2025-47951 Weblate lacks rate limiting when verifying second factor

4.9CVSS6.5AI score0.00201EPSS

Exploits0References7

Vulnrichment•added 2025/06/16 8:57 p.m.•1 views

CVE-2025-47951 Weblate lacks rate limiting when verifying second factor

4.9CVSS5AI score0.00201EPSS

Exploits0References5

Cvelist•added 2025/06/16 8:57 p.m.•11 views

CVE-2025-47951 Weblate lacks rate limiting when verifying second factor

4.9CVSS0.00201EPSS

Exploits0References5

OSV•added 2025/06/16 2:52 p.m.•3 views

GHSA-57JG-M997-CX3Q Weblate lacks rate limiting when verifying second factor

Impact The verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. Patches This issue has been addressed in Weblate 5.12 via...

4.9CVSS7AI score0.00201EPSS

Exploits0References7

Github Security Blog•added 2025/06/16 2:52 p.m.•9 views

Weblate lacks rate limiting when verifying second factor

4.9CVSS7AI score0.00201EPSS

Exploits0References7Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by