20 matches found

Vulnrichment · added 2026/05/07 1:42 p.m.

CVE-2026-44263 Weblate: Private Translation Enumeration via Screenshot API

Weblate is a web-based localization tool. Prior to version 5.17.1, the screenshots, tasks, and component link API allowed enumeration of translations in a project inaccessible to the user. This issue has been patched in version 5.17.1...

CVSS 4.3 · AI score 5.7 · EPSS 0.00011 · Exploits 0 · References 4
ATTACKERKB · added 2026/05/07 1:41 p.m.

CVE-2026-41519

Weblate is a web-based localization tool. Prior to version 5.17.1, when a user changes their password, browser sessions are correctly invalidated via "cycle_session_keys", but DRF API tokens ("wlu" prefix) stored in "authtoken_token" are not revoked. This issue has been patched in version 5.17.1...

CVSS 4.2 · AI score 5.7 · EPSS 0.0001 · Exploits 0 · References 5 · Affected Software 1
Vulnrichment · added 2026/05/07 1:40 p.m.

CVE-2026-41654 Weblate is Vulnerable to Authenticated SSRF via Project Backup Import bypassing validate_repo_url

Weblate is a web-based localization tool. Prior to version 5.17.1, an authenticated user with the project.add permission (the default on hosted Weblate SaaS, and held by any user with an active billing/trial plan) can import a crafted project backup ZIP whose components/.json contains an attacker-chosen repo...

CVSS 5.3 · AI score 5.7 · EPSS 0.00024 · Exploits 0 · References 6
CNNVD · added 2026/05/07 12:00 a.m.

Weblate Security Vulnerability

Weblate is an open-source, copyleft, web-based free software system for continuous localization. Versions of Weblate prior to 5.17.1 contained a security vulnerability, which was caused by the Markdown renderer used in user comments and other user-generated content not properly cleaning certain...

CVSS 4.3 · AI score 5.8 · EPSS 0.00012 · Exploits 0 · References 1
Positive Technologies · added 2026/04/30 12:00 a.m.

PT-2026-37127

Name of the Vulnerable Software and Affected Versions: Weblate versions prior to 5.17.1. Description: When a user changes their password, browser sessions are invalidated using the cycle session keys function, but Django REST Framework (DRF) API tokens with the wlu prefix stored in authtoken token are...

CVSS 5.4 · AI score 5.8 · EPSS 0.0001 · Exploits 0 · References 13
NVD · added 2026/03/31 3:16 p.m.

CVE-2026-34165

go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a...

CVSS 5 · EPSS 0.00006 · Exploits 0 · References 2
OSV · added 2026/03/31 3:16 p.m.

DEBIAN-CVE-2026-34165

go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a...

CVSS 5 · AI score 7.6 · EPSS 0.00006 · Exploits 0 · References 1
UbuntuCve · added 2026/03/31 3:16 p.m.

CVE-2026-34165

go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a...

CVSS 5 · AI score 5.7 · EPSS 0.00006 · Exploits 0 · References 3
UbuntuCve · added 2026/03/31 3:16 p.m.

CVE-2026-33762

go-git is an extensible git implementation library written in pure Go. Prior to version 5.17.1, go-git’s index decoder for format version 4 fails to validate the path name prefix length before applying it to the previously decoded path name. A maliciously crafted index file can trigger an...

CVSS 2.8 · AI score 5.7 · EPSS 0.00006 · Exploits 0 · References 3
Snyk · added 2026/03/30 5:17 p.m.

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the handling of .idx files. An attacker with write access to the local repository's .git directory can exhaust system memory by introducing a maliciously crafted .idx file int...

CVSS 6.9 · AI score 5.9 · EPSS 0.00006 · Exploits 0 · References 3
EUVD · added 2025/10/03 8:07 p.m.

EUVD-2022-32834

Malicious code in bioql PyPI...

CVSS 5.5 · AI score 7 · EPSS 0.00073 · Exploits 0 · References 12
EUVD · added 2025/10/03 8:07 p.m.

EUVD-2022-32806

Malicious code in bioql PyPI...

CVSS 5.5 · AI score 6.8 · EPSS 0.00029 · Exploits 1 · References 12
Vulnrichment · added 2025/09/19 12:00 a.m.

CVE-2025-59714

In Internet2 Grouper 5.17.1 before 5.20.5, group admins who are not Grouper sysadmins can configure loader jobs...

CVSS 6.5 · AI score 6.5 · EPSS 0.00058 · Exploits 0 · References 1
CNNVD · added 2025/09/19 12:00 a.m.

Grouper Security Vulnerability

Grouper is an Internet2 open source enterprise access management system designed for highly distributed administrative environments and heterogeneous information technology environments common to colleges and universities. A security vulnerability exists in Grouper versions 5.17.1 through prior t...

CVSS 6.5 · AI score 6.3 · EPSS 0.00058 · Exploits 0 · References 2
NVD · added 2025/01/06 7:15 p.m.

CVE-2024-46209

A stored cross-site scripting (XSS) vulnerability in the component /media/test.html of REDAXO CMS v5.17.1 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the password parameter...

CVSS 5.4 · EPSS 0.00465 · Exploits 1 · References 2
CNNVD · added 2025/01/06 12:00 a.m.

Yakamara Media Redaxo CMS Security Vulnerability

Yakamara Media Redaxo CMS is an open source web portal content management system organized by Yakamara Media. The system supports custom modules, plugin extensions, project backups, and more. A security vulnerability exists in Yakamara Media Redaxo CMS version v5.17.1, which stems from the presen...

CVSS 5.4 · AI score 5.3 · EPSS 0.00465 · Exploits 1 · References 2
Positive Technologies · added 2024/11/15 12:00 a.m.

PT-2024-34414 · Redaxo · Redaxo Core Cms

Name of the Vulnerable Software and Affected Versions: Redaxo Core CMS version 5.17.1. Description: The mediapool feature of the Redaxo Core CMS application is vulnerable to cross-site scripting (XSS), which allows a remote attacker to escalate privileges. Recommendations: For Redaxo Core CMS versio...

CVSS 5.4 · AI score 5.6 · EPSS 0.01041 · Exploits 1 · References 13
CNNVD · added 2024/10/16 12:00 a.m.

Redaxo Security Vulnerability

Redaxo is a content management system from Redaxo open source. A security vulnerability exists in Redaxo version v5.17.1. An attacker exploiting this vulnerability could read arbitrary files on the server running the application...

CVSS 4.9 · AI score 6.5 · EPSS 0.00759 · Exploits 1 · References 2
ATTACKERKB · added 2022/04/03 9:15 p.m.

CVE-2022-28389

mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free...

CVSS 5.5 · AI score 5.9 · EPSS 0.00073 · Exploits 0 · References 11
Positive Technologies · added 2022/02/26 12:00 a.m.

PT-2022-2238 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.17.1. Description: The issue is related to the jbd2 journal wait updates function in the Linux kernel, specifically in the fs/jbd2/transaction.c file. It involves a use-after-free condition caused by a...

CVSS 9.8 · AI score 7.9 · EPSS 0.72624 · Exploits 193 · References 850