Vulnerabilities in WeblateOrg

37 results
CVE-2026-44264 | MEDIUM | Weblate is vulnerable to XSS via crafted Markdown | EPSS 0.3%
CVE-2025-49134 | LOW | Weblate exposes personal IP address via e-mail | EPSS 0.3%
CVE-2025-58352 | LOW | Weblate has long session expiry times during second factor verification | EPSS 0.3%
CVE-2026-33440 | MEDIUM | Weblate: Authenticated SSRF via redirect bypass of ALLOWED_ASSET_DOMAINS in screenshot URL uploads | EPSS 0.2%
CVE-2026-34244 | MEDIUM | Weblate: SSRF via Project-Level Machinery Configuration | EPSS 0.2%
CVE-2026-33214 | MEDIUM | Weblate has improper access control for the translation memory API | EPSS 0.2%
CVE-2025-67715 | MEDIUM | Weblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR) | EPSS 0.2%
CVE-2025-67492 | MEDIUM | Weblate's over‑permissive webhook endpoint enables mass repository updates and component enumeration | EPSS 0.2%
CVE-2026-41519 | MEDIUM | Weblate's API Token Not Invalidated on Password Change | EPSS 0.2%
CVE-2026-33212 | LOW | Weblate: Improper access control for pending tasks in API | EPSS 0.2%
CVE-2025-47951 | MEDIUM | Weblate lacks rate limiting when verifying second factor | EPSS 0.2%
CVE-2026-45106 | MEDIUM | Weblate: Stored HTML injection in editor search preview | EPSS 0.2%
CVE-2025-66407 | MEDIUM | Weblate has Server-Side Request Forgery vulnerability | EPSS 0.2%
CVE-2026-42150 | MEDIUM | wlc: print_html outputs API data without HTML escaping, enabling stored XSS | EPSS 0.2%
CVE-2025-64326 | LOW | Weblate leaks the IP of project members inviting users to assume reviewer roles in Audit log | EPSS 0.2%
CVE-2026-22251 | MEDIUM | wlc may leak API keys due to an insecure API key configuration | EPSS 0.1%
CVE-2026-22250 | LOW | wlc can skip SSL verification | EPSS 0.1%