Lucene search
K

4 matches found

CVE
CVE
added 2026/01/12 5:55 p.m.29 views

CVE-2026-22251

The CVE-2026-22251 entry concerns the wlc Weblate command-line client. Before version 1.17.0, wlc allowed unscoped API keys to be stored in settings, a practice that could enable an API key to be leaked to different servers. Public advisories from Debian/Ubuntu/OSV reflect this issue and referenc...

5.5CVSS6.7AI score0.00164EPSS
CVE
CVE
added 2026/01/12 5:52 p.m.24 views

CVE-2026-22250

CVE-2026-22250 affects the Weblate command-line client wlc . Prior to version 1.17.0, SSL verification could be skipped for certain crafted URLs, potentially allowing an attacker to access sensitive resources. Ubuntu USN-7981-1 summarizes the issue and notes an update is available; remediation is...

5.5CVSS6.4AI score0.00134EPSS
CVE
CVE
added 2026/01/16 7:8 p.m.22 views

CVE-2026-23535

CVE-2026-23535 affects the Weblate WebCLI client (wlc). Prior to version 1.17.2, the multi-translation download could be manipulated by a crafted server to write to an arbitrary location, enabling potential unauthorized file writes. The issue is fixed in 1.17.2. Affected component: wlc (Weblate R...

8CVSS6.5AI score0.00337EPSS
CVE
CVE
added 2026/05/08 3:23 a.m.20 views

CVE-2026-42150

The vulnerability CVE-2026-42150 affects the Weblate WebCLI tool wlc. Prior to version 2.0.0, wlc’s HTML output format embeds API response data directly into HTML without escaping, enabling cross-site scripting when rendered in a browser. The issue is mitigated by upgrading to version 2.0.0 or la...

5.1CVSS5.5AI score0.00174EPSS