
weblate — Vulnerabilities & Security Advisories 28

All 28 CVE vulnerabilities found in weblate, with AI-generated Chinese analysis, references, and POCs.

Vendor: n/a

CVE ID | Title | CWE | CVSS | Severity | Published
CVE-2026-40256 | Weblate: Prefix-Based Repository Boundary Check Bypass via Symlink/Junction Path Prefix Collision | CWE-22 | 5.0 | Medium | 2026-04-15
CVE-2026-39845 | Weblate: SSRF via the webhook add-on using unprotected fetch_url() | CWE-918 | 4.1 | Medium | 2026-04-15
CVE-2026-34393 | Weblate: Privilege escalation in the user API endpoint | CWE-269 | 8.8 | High | 2026-04-15
CVE-2026-34244 | Weblate: SSRF via Project-Level Machinery Configuration | CWE-200 | 5.0 | Medium | 2026-04-15
CVE-2026-34242 | Weblate: Arbitrary File Read via Symlink | CWE-22 | 7.7 | High | 2026-04-15
CVE-2026-33440 | Weblate: Authenticated SSRF via redirect bypass of ALLOWED_ASSET_DOMAINS in screenshot URL uploads | CWE-918 | 5.0 | Medium | 2026-04-15
CVE-2026-33435 | Weblate: Remote code execution during backup restoration | CWE-23 | 8.1 | High | 2026-04-15
CVE-2026-33220 | Weblate: JavaScript localization CDN add-on allows arbitrary local file read outside the repository | CWE-22 | 6.8 | Medium | 2026-04-15
CVE-2026-33214 | Weblate has improper access control for the translation memory API | CWE-862 | 4.3 | Medium | 2026-04-15
CVE-2026-33212 | Weblate: Improper access control for pending tasks in API | CWE-284 | 3.1 | Low | 2026-04-15
CVE-2026-27457 | Weblate: Missing access control for the AddonViewSet API exposes all addon configurations | CWE-862 | 4.3 | Medium | 2026-02-26
CVE-2026-24126 | Weblate has an argument injection in management console | CWE-88 | 6.6 | Medium | 2026-02-18
CVE-2026-21889 | Weblate leaks information via screenshots | CWE-284 | 5.3 (AI) | Medium (AI) | 2026-01-14
CVE-2025-68398 | Weblate has git config file overwrite vulnerability that leads to remote code execution | CWE-20 | 9.1 | Critical | 2025-12-18
CVE-2025-68279 | Weblate has an arbitrary file read via symbolic links | CWE-22 | 7.7 | High | 2025-12-18
CVE-2025-67715 | Weblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR) | CWE-284 | 4.3 | Medium | 2025-12-16
CVE-2025-67492 | Weblate's over-permissive webhook endpoint enables mass repository updates and component enumeration | CWE-1286 | 5.3 | Medium | 2025-12-16
CVE-2025-66407 | Weblate has Server-Side Request Forgery vulnerability | CWE-352 | 5.0 | Medium | 2025-12-15
CVE-2025-64725 | Weblate has improper validation upon invitation acceptance | CWE-286 | 4.3 (AI) | Medium (AI) | 2025-12-15
CVE-2025-64326 | Weblate leaks the IP of project members inviting users to assume reviewer roles in Audit log | CWE-212 | 2.6 | Low | 2025-11-06
CVE-2025-61587 | Weblate integration with Anubis can lead to Open Redirect via redir parameter | CWE-601 | 6.1 | - | 2025-10-01
CVE-2025-58352 | Weblate has long session expiry times during second factor verification | CWE-613 | - | - (AI) | 2025-09-04
CVE-2025-49134 | Weblate exposes personal IP address via e-mail | CWE-359 | 5.3 (AI) | Medium (AI) | 2025-06-16
CVE-2025-47951 | Weblate lacks rate limiting when verifying second factor | CWE-307 | 4.9 | Medium | 2025-06-16
CVE-2025-32021 | Weblate VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintext | CWE-598 | 2.2 | Low | 2025-04-15
CVE-2024-39303 | Weblate vulnerable to improper sanitization of project backups | CWE-73 | 4.4 | Medium | 2024-07-01
CVE-2022-23915 | Remote Code Execution (RCE) | - | 7.2 | High | 2022-03-04
CVE-2022-24710 | Cross-site Scripting in Weblate | CWE-79 | 5.4 | Medium | 2022-02-25

Entries marked (AI) carry a CVSS score or severity that the site flags as AI-generated rather than taken from the published advisory; "-" means the value was not listed.
