Lucene search
K

672 matches found

euvd
euvd
added 6 days ago12 views

EUVD-2026-36113

Weblate SSRF: outbound URL guard misses some private ranges...

5.9CVSS5.9AI score0.00291EPSS
Exploits0References4
osv
osv
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-571 Weblate is vulnerable to RCE through Git config file overwrite

Impact It was possible to overwrite Git configuration remotely and override some of its behavior. Resources Thanks to Jason Marcello for responsible disclosure...

9.1CVSS5.8AI score0.00489EPSS
Exploits0References10
osv
osv
added 2026/06/17 12:0 a.m.3 views

OPENSUSE-SU-2026:11051-1 weblate-5.17.1-2.1 on GA media

These are all security issues fixed in the weblate-5.17.1-2.1 package on the GA media of openSUSE Tumbleweed...

5.9CVSS5.2AI score0.00291EPSS
Exploits0References2
susecve
susecve
added 2026/06/12 2:26 a.m.11 views

SUSE CVE-2026-45106

Weblate is a web based localization tool. Prior to version 2026.5, Weblate's live search preview renders unit source and context as HTML without escaping. Any contributor whose content reaches those fields stores HTML and CSS that runs inside the authenticated editor of every user who runs a...

4.6CVSS5.2AI score0.00208EPSS
Exploits0References3
susecve
susecve
added 2026/06/12 2:25 a.m.10 views

SUSE CVE-2026-50127

Weblate is a web based localization tool. From version 5.15 to before version 2026.6, Weblate's VCSRESTRICTPRIVATE did not properly account for some transitional IPv6 ranges, multicast addresses, or some semi-private IPv4 ranges, which allowed some addresses to bypass private range restrictions...

5.9CVSS5.2AI score0.00291EPSS
Exploits0References3
nvd
nvd
added 2026/06/10 8:17 p.m.13 views

CVE-2026-50127

Weblate is a web based localization tool. From version 5.15 to before version 2026.6, Weblate's VCSRESTRICTPRIVATE did not properly account for some transitional IPv6 ranges, multicast addresses, or some semi-private IPv4 ranges, which allowed some addresses to bypass private range restrictions...

5.9CVSS0.00291EPSS
Exploits0References3
nvd
nvd
added 2026/06/10 8:17 p.m.12 views

CVE-2026-45106

Weblate is a web based localization tool. Prior to version 2026.5, Weblate's live search preview renders unit source and context as HTML without escaping. Any contributor whose content reaches those fields stores HTML and CSS that runs inside the authenticated editor of every user who runs a...

4.6CVSS0.00208EPSS
Exploits0References3
cvelist
cvelist
added 2026/06/10 7:56 p.m.32 views

CVE-2026-45106 Weblate: Stored HTML injection in editor search preview

Weblate is a web based localization tool. Prior to version 2026.5, Weblate's live search preview renders unit source and context as HTML without escaping. Any contributor whose content reaches those fields stores HTML and CSS that runs inside the authenticated editor of every user who runs a...

4.6CVSS0.00208EPSS
Exploits0References3
euvd
euvd
added 2026/06/10 7:56 p.m.10 views

EUVD-2026-36114

Weblate is a web based localization tool. Prior to version 2026.5, Weblate's live search preview renders unit source and context as HTML without escaping. Any contributor whose content reaches those fields stores HTML and CSS that runs inside the authenticated editor of every user who runs a...

4.6CVSS5.3AI score0.00208EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/06/10 7:56 p.m.10 views

CVE-2026-45106 Weblate: Stored HTML injection in editor search preview

Weblate is a web based localization tool. Prior to version 2026.5, Weblate's live search preview renders unit source and context as HTML without escaping. Any contributor whose content reaches those fields stores HTML and CSS that runs inside the authenticated editor of every user who runs a...

4.6CVSS5.3AI score0.00208EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/06/10 7:56 p.m.7 views

CVE-2026-50127 Weblate SSRF: outbound URL guard misses the NAT64 well-known prefix (64:ff9b::/96)

Weblate is a web based localization tool. From version 5.15 to before version 2026.6, Weblate's VCSRESTRICTPRIVATE did not properly account for some transitional IPv6 ranges, multicast addresses, or some semi-private IPv4 ranges, which allowed some addresses to bypass private range restrictions...

5.9CVSS5.3AI score0.00291EPSS
Exploits0References3
cve
cve
added 2026/06/10 7:56 p.m.22 views

CVE-2026-50127

CVE-2026-50127 affects Weblate (versions 5.15 up to, but not including, 2026.6). The VCS_RESTRICT_PRIVATE check did not properly account for certain transitional IPv6 ranges, multicast addresses, or some semi-private IPv4 ranges, allowing some addresses to bypass private-range restrictions. The i...

5.9CVSS5.3AI score0.00291EPSS
Exploits0References3
cvelist
cvelist
added 2026/06/10 7:56 p.m.34 views

CVE-2026-50127 Weblate SSRF: outbound URL guard misses the NAT64 well-known prefix (64:ff9b::/96)

Weblate is a web based localization tool. From version 5.15 to before version 2026.6, Weblate's VCSRESTRICTPRIVATE did not properly account for some transitional IPv6 ranges, multicast addresses, or some semi-private IPv4 ranges, which allowed some addresses to bypass private range restrictions...

5.9CVSS0.00291EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/06/10 12:0 a.m.17 views

Weblate 代码问题漏洞

Weblate is an open-source, copyleft, web-based free software system for continuous localization. Versions of Weblate prior to 2026.6 had code-related vulnerabilities. These vulnerabilities stemmed from the improper handling of some transition IPv6 ranges, multicast addresses, and partially...

5.9CVSS5.3AI score0.00291EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/06/10 12:0 a.m.16 views

Weblate 跨站脚本漏洞

Weblate is an open-source, copyleft, web-based free software system for continuous localization. Versions of Weblate prior to 2026.5 contained a cross-site scripting vulnerability. This vulnerability stemmed from the real-time search preview feature, which rendered unit sources and contexts as HT...

4.6CVSS4.9AI score0.00208EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/10 12:0 a.m.19 views

PT-2026-48524

Name of the Vulnerable Software and Affected Versions Weblate versions 5.15 through 2026.5 Description Weblate is a web-based localization tool. The VCS RESTRICT PRIVATE setting fails to properly account for certain semi-private IPv4 ranges, multicast addresses, and transitional IPv6 ranges,...

5.9CVSS5.3AI score0.00291EPSS
Exploits0References9
redhatcve
redhatcve
added 2026/06/05 7:46 p.m.9 views

CVE-2026-33212

Weblate is a web based localization tool. In versions prior to 5.17, the tasks API didn't verify user access for pending tasks. This could expose logs of in-progress operations to users who don't have access to given scope. The attacker needs to brute-force the random UUID of the task, so...

3.1CVSS5.5AI score0.00221EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:38 p.m.10 views

CVE-2026-34244

Weblate is a web based localization tool. In versions prior to 5.17, a user with the project.edit permission granted by the per-project "Administration" role can configure machine translation service URLs pointing to arbitrary internal network addresses. During configuration validation, Weblate...

5CVSS5.5AI score0.0024EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:36 p.m.11 views

CVE-2026-41519

Weblate is a web based localization tool. Prior to version 5.17.1, when a user changes their password, browser sessions are correctly invalidated via "cyclesessionkeys", but DRF API tokens "wlu" prefix stored in "authtokentoken" are not revoked. This issue has been patched in version 5.17.1...

5.4CVSS5.3AI score0.00228EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:31 p.m.11 views

CVE-2026-33214

Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't enforce proper access control. This issue has been fixed in version 5.17. If users are unable to update immediately, they can work around this issue b...

4.3CVSS5.3AI score0.00236EPSS
Exploits0References1
Rows per page
Query Builder