Vulnerabilities in WeblateOrg
37 results

CVE | Severity | Title | EPSS
CVE-2022-24710 | MEDIUM | Cross-site Scripting in Weblate | 0.7%
CVE-2026-33435 | HIGH | Weblate: Remote code execution during backup restoration | 0.7%
CVE-2025-68398 | CRITICAL | Weblate has git config file overwrite vulnerability that leads to remote code execution | 0.5%
CVE-2026-24126 | MEDIUM | Weblate has an argument injection in management console | 0.4%
CVE-2026-34242 | HIGH | Weblate: Arbitrary File Read via Symlink | 0.4%
CVE-2026-34393 | HIGH | Weblate: Privilege escalation in the user API endpoint | 0.4%
CVE-2026-41654 | MEDIUM | Weblate is Vulnerable to Authenticated SSRF via Project Backup Import bypassing validate_repo_url | 0.4%
CVE-2025-61587 | LOW | Weblate integration with Anubis can lead to Open Redirect via redir parameter | 0.4%
CVE-2025-68279 | HIGH | Weblate has an arbitrary file read via symbolic links | 0.3%
CVE-2026-23535 | HIGH | wlc Path traversal: Unsanitized API slugs in download command | 0.3%
CVE-2026-40256 | MEDIUM | Weblate: Prefix-Based Repository Boundary Check Bypass via Symlink/Junction Path Prefix Collision | 0.3%
CVE-2026-33220 | MEDIUM | Weblate: JavaScript localization CDN add-on allows arbitrary local file read outside the repository | 0.3%
CVE-2026-21889 | LOW | Weblate leaks information via screenshots | 0.3%
CVE-2025-64725 | LOW | Weblate has improper validation upon invitation acceptance | 0.3%
CVE-2024-39303 | MEDIUM | Weblate vulnerable to improper sanitization of project backups | 0.3%
CVE-2025-32021 | LOW | Weblate VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintext | 0.3%
CVE-2026-27457 | MEDIUM | Weblate: Missing access control for the AddonViewSet API exposes all addon configurations | 0.3%
CVE-2026-50127 | MEDIUM | Weblate SSRF: outbound URL guard misses the NAT64 well-known prefix (64:ff9b::/96) | 0.3%
CVE-2026-44263 | MEDIUM | Weblate: Private Translation Enumeration via Screenshot API | 0.3%
CVE-2026-39845 | MEDIUM | Weblate: SSRF via the webhook add-on using unprotected fetch_url() | 0.3%