WeblateOrg — Vulnerabilities & Security Advisories (30)

Browse all 30 CVE security advisories affecting WeblateOrg. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by WeblateOrg: weblate, wlc

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-40256 | Weblate: Prefix-Based Repository Boundary Check Bypass via Symlink/Junction Path Prefix Collision | weblate | CWE-22 | 5.0 | Medium | 2026-04-15 |
| CVE-2026-39845 | Weblate: SSRF via the webhook add-on using unprotected fetch_url() | weblate | CWE-918 | 4.1 | Medium | 2026-04-15 |
| CVE-2026-34393 | Weblate: Privilege escalation in the user API endpoint | weblate | CWE-269 | 8.8 | High | 2026-04-15 |
| CVE-2026-34244 | Weblate: SSRF via Project-Level Machinery Configuration | weblate | CWE-200 | 5.0 | Medium | 2026-04-15 |
| CVE-2026-34242 | Weblate: Arbitrary File Read via Symlink | weblate | CWE-22 | 7.7 | High | 2026-04-15 |
| CVE-2026-33440 | Weblate: Authenticated SSRF via redirect bypass of ALLOWED_ASSET_DOMAINS in screenshot URL uploads | weblate | CWE-918 | 5.0 | Medium | 2026-04-15 |
| CVE-2026-33435 | Weblate: Remote code execution during backup restoration | weblate | CWE-23 | 8.1 | High | 2026-04-15 |
| CVE-2026-33220 | Weblate: JavaScript localization CDN add-on allows arbitrary local file read outside the repository | weblate | CWE-22 | 6.8 | Medium | 2026-04-15 |
| CVE-2026-33214 | Weblate has improper access control for the translation memory API | weblate | CWE-862 | 4.3 | Medium | 2026-04-15 |
| CVE-2026-33212 | Weblate: Improper access control for pending tasks in API | weblate | CWE-284 | 3.1 | Low | 2026-04-15 |
| CVE-2026-27457 | Weblate: Missing access control for the AddonViewSet API exposes all addon configurations | weblate | CWE-862 | 4.3 | Medium | 2026-02-26 |
| CVE-2026-24126 | Weblate has an argument injection in management console | weblate | CWE-88 | 6.6 | Medium | 2026-02-18 |
| CVE-2026-23535 | wlc Path traversal: Unsanitized API slugs in download command | wlc | CWE-22 | 8.1 | High | 2026-01-16 |
| CVE-2026-21889 | Weblate leaks information via screenshots | weblate | CWE-284 | 5.3 (AI) | Medium (AI) | 2026-01-14 |
| CVE-2026-22251 | wlc may leak API keys due to an insecure API key configuration | wlc | CWE-200 | 5.3 | Medium | 2026-01-12 |
| CVE-2026-22250 | wlc can skip SSL verification | wlc | CWE-295 | 2.5 | Low | 2026-01-12 |
| CVE-2025-68398 | Weblate has git config file overwrite vulnerability that leads to remote code execution | weblate | CWE-20 | 9.1 | Critical | 2025-12-18 |
| CVE-2025-68279 | Weblate has an arbitrary file read via symbolic links | weblate | CWE-22 | 7.7 | High | 2025-12-18 |
| CVE-2025-67715 | Weblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR) | weblate | CWE-284 | 4.3 | Medium | 2025-12-16 |
| CVE-2025-67492 | Weblate's over-permissive webhook endpoint enables mass repository updates and component enumeration | weblate | CWE-1286 | 5.3 | Medium | 2025-12-16 |
| CVE-2025-66407 | Weblate has Server-Side Request Forgery vulnerability | weblate | CWE-352 | 5.0 | Medium | 2025-12-15 |
| CVE-2025-64725 | Weblate has improper validation upon invitation acceptance | weblate | CWE-286 | 4.3 (AI) | Medium (AI) | 2025-12-15 |
| CVE-2025-64326 | Weblate leaks the IP of project members inviting users to assume reviewer roles in Audit log | weblate | CWE-212 | 2.6 | Low | 2025-11-06 |
| CVE-2025-61587 | Weblate integration with Anubis can lead to Open Redirect via redir parameter | weblate | CWE-601 | 6.1 | - | 2025-10-01 |
| CVE-2025-58352 | Weblate has long session expiry times during second factor verification | weblate | CWE-613 | - | - (AI) | 2025-09-04 |
| CVE-2025-49134 | Weblate exposes personal IP address via e-mail | weblate | CWE-359 | 5.3 (AI) | Medium (AI) | 2025-06-16 |
| CVE-2025-47951 | Weblate lacks rate limiting when verifying second factor | weblate | CWE-307 | 4.9 | Medium | 2025-06-16 |
| CVE-2025-32021 | Weblate VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintext | weblate | CWE-598 | 2.2 | Low | 2025-04-15 |
| CVE-2024-39303 | Weblate vulnerable to improper sanitization of project backups | weblate | CWE-73 | 4.4 | Medium | 2024-07-01 |
| CVE-2022-24710 | Cross-site Scripting in Weblate | weblate | CWE-79 | 5.4 | Medium | 2022-02-25 |

Entries marked "(AI)" carry an AI-estimated CVSS score or severity rather than a vendor-assigned one; "-" marks a field the listing does not provide.

This page lists every published CVE security advisory associated with WeblateOrg. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.