4 matches found
CVE-2026-22251
The CVE-2026-22251 entry concerns the wlc Weblate command-line client. Before version 1.17.0, wlc allowed unscoped API keys to be stored in settings, a practice that could enable an API key to be leaked to different servers. Public advisories from Debian/Ubuntu/OSV reflect this issue and referenc...
CVE-2026-22250
CVE-2026-22250 affects the Weblate command-line client wlc . Prior to version 1.17.0, SSL verification could be skipped for certain crafted URLs, potentially allowing an attacker to access sensitive resources. Ubuntu USN-7981-1 summarizes the issue and notes an update is available; remediation is...
CVE-2026-23535
CVE-2026-23535 affects the Weblate WebCLI client (wlc). Prior to version 1.17.2, the multi-translation download could be manipulated by a crafted server to write to an arbitrary location, enabling potential unauthorized file writes. The issue is fixed in 1.17.2. Affected component: wlc (Weblate R...
CVE-2026-42150
The vulnerability CVE-2026-42150 affects the Weblate WebCLI tool wlc. Prior to version 2.0.0, wlc’s HTML output format embeds API response data directly into HTML without escaping, enabling cross-site scripting when rendered in a browser. The issue is mitigated by upgrading to version 2.0.0 or la...