CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

SUSE CVE•added 2026/06/12 2:25 a.m.•6 views

SUSE CVE-2026-50127

Weblate is a web based localization tool. From version 5.15 to before version 2026.6, Weblate's VCSRESTRICTPRIVATE did not properly account for some transitional IPv6 ranges, multicast addresses, or some semi-private IPv4 ranges, which allowed some addresses to bypass private range restrictions...

5.9CVSS5.2AI score0.00291EPSS

NVD•added 2026/06/10 8:17 p.m.•9 views

CVE-2026-50127

5.9CVSS0.00291EPSS

NVD•added 2026/06/10 8:17 p.m.•8 views

CVE-2026-45106

4.6CVSS0.00208EPSS

EUVD•added 2026/06/10 7:56 p.m.•7 views

EUVD-2026-36114

4.6CVSS5.3AI score0.00208EPSS

Vulnrichment•added 2026/06/10 7:56 p.m.•7 views

CVE-2026-45106 Weblate: Stored HTML injection in editor search preview

4.6CVSS5.3AI score0.00208EPSS

Cvelist•added 2026/06/10 7:56 p.m.•29 views

CVE-2026-45106 Weblate: Stored HTML injection in editor search preview

4.6CVSS0.00208EPSS

Vulnrichment•added 2026/06/10 7:56 p.m.•5 views

CVE-2026-50127 Weblate SSRF: outbound URL guard misses the NAT64 well-known prefix (64:ff9b::/96)

Cvelist•added 2026/06/10 7:56 p.m.•29 views

CVE-2026-50127 Weblate SSRF: outbound URL guard misses the NAT64 well-known prefix (64:ff9b::/96)

5.9CVSS0.00291EPSS

CVE•added 2026/06/10 7:56 p.m.•14 views

CVE-2026-50127

CVE-2026-50127 affects Weblate (versions 5.15 up to, but not including, 2026.6). The VCS_RESTRICT_PRIVATE check did not properly account for certain transitional IPv6 ranges, multicast addresses, or some semi-private IPv4 ranges, allowing some addresses to bypass private-range restrictions. The i...

EUVD•added 2026/06/10 7:56 p.m.•9 views

EUVD-2026-36113

CNNVD•added 2026/06/10 12:0 a.m.•11 views

Weblate 代码问题漏洞

Weblate is an open-source, copyleft, web-based free software system for continuous localization. Versions of Weblate prior to 2026.6 had code-related vulnerabilities. These vulnerabilities stemmed from the improper handling of some transition IPv6 ranges, multicast addresses, and partially...

CNNVD•added 2026/06/10 12:0 a.m.•8 views

Weblate 跨站脚本漏洞

Weblate is an open-source, copyleft, web-based free software system for continuous localization. Versions of Weblate prior to 2026.5 contained a cross-site scripting vulnerability. This vulnerability stemmed from the real-time search preview feature, which rendered unit sources and contexts as HT...

4.6CVSS4.9AI score0.00208EPSS

Positive Technologies•added 2026/06/10 12:0 a.m.•9 views

PT-2026-48524

Name of the Vulnerable Software and Affected Versions Weblate versions 5.15 through 2026.5 Description Weblate is a web-based localization tool. The VCS RESTRICT PRIVATE setting fails to properly account for certain semi-private IPv4 ranges, multicast addresses, and transitional IPv6 ranges,...

RedhatCVE•added 2026/06/05 7:46 p.m.•6 views

Exploits0References7

CVE-2026-33212

Weblate is a web based localization tool. In versions prior to 5.17, the tasks API didn't verify user access for pending tasks. This could expose logs of in-progress operations to users who don't have access to given scope. The attacker needs to brute-force the random UUID of the task, so...

3.1CVSS5.5AI score0.00221EPSS

RedhatCVE•added 2026/06/05 7:38 p.m.•7 views

CVE-2026-34244

Weblate is a web based localization tool. In versions prior to 5.17, a user with the project.edit permission granted by the per-project "Administration" role can configure machine translation service URLs pointing to arbitrary internal network addresses. During configuration validation, Weblate...

5CVSS5.5AI score0.0024EPSS

RedhatCVE•added 2026/06/05 7:36 p.m.•8 views

CVE-2026-41519

Weblate is a web based localization tool. Prior to version 5.17.1, when a user changes their password, browser sessions are correctly invalidated via "cyclesessionkeys", but DRF API tokens "wlu" prefix stored in "authtokentoken" are not revoked. This issue has been patched in version 5.17.1...

5.4CVSS5.3AI score0.00228EPSS

RedhatCVE•added 2026/06/05 7:31 p.m.•8 views

CVE-2026-33214

Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't enforce proper access control. This issue has been fixed in version 5.17. If users are unable to update immediately, they can work around this issue b...

4.3CVSS5.3AI score0.00236EPSS

RedhatCVE•added 2026/06/05 7:31 p.m.•8 views

CVE-2026-33440

Weblate is a web based localization tool. In versions prior to 5.17, the ALLOWEDASSETDOMAINS setting applied only to the first issued requests and didn't restrict possible redirects. This issue has been fixed in version 5.17...

5CVSS5.3AI score0.0024EPSS

RedhatCVE•added 2026/06/05 7:30 p.m.•7 views

CVE-2026-42150

wlc is a Weblate command-line client using Weblate's REST API. Prior to version 2.0.0, the HTML output format in wlc embeds API response data into HTML without escaping, allowing cross-site scripting when the output is rendered in a browser. This issue has been patched in version 2.0.0...

5.1CVSS5.1AI score0.00174EPSS