
Weblate — Vulnerabilities & Security Advisories (32)

All 32 CVE vulnerabilities found in Weblate, with AI-generated Chinese analysis, references, and POCs.

Vendor: n/a

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-44264 | Weblate is vulnerable to XSS via crafted Markdown | CWE-80 | 4.3 | Medium | 2026-05-07 |
| CVE-2026-44263 | Weblate: Private Translation Enumeration via Screenshot API | CWE-203 | 4.3 | Medium | 2026-05-07 |
| CVE-2026-41519 | Weblate's API Token Not Invalidated on Password Change | CWE-613 | 4.2 | Medium | 2026-05-07 |
| CVE-2026-41654 | Weblate is Vulnerable to Authenticated SSRF via Project Backup Import bypassing validate_repo_url | CWE-20 | 8.1 | - | 2026-05-07 |
| CVE-2026-40256 | Weblate: Prefix-Based Repository Boundary Check Bypass via Symlink/Junction Path Prefix Collision | CWE-22 | 5.0 | Medium | 2026-04-15 |
| CVE-2026-39845 | Weblate: SSRF via the webhook add-on using unprotected fetch_url() | CWE-918 | 4.1 | Medium | 2026-04-15 |
| CVE-2026-34393 | Weblate: Privilege escalation in the user API endpoint | CWE-269 | 8.8 | High | 2026-04-15 |
| CVE-2026-34244 | Weblate: SSRF via Project-Level Machinery Configuration | CWE-200 | 5.0 | Medium | 2026-04-15 |
| CVE-2026-34242 | Weblate: Arbitrary File Read via Symlink | CWE-22 | 7.7 | High | 2026-04-15 |
| CVE-2026-33440 | Weblate: Authenticated SSRF via redirect bypass of ALLOWED_ASSET_DOMAINS in screenshot URL uploads | CWE-918 | 5.0 | Medium | 2026-04-15 |
| CVE-2026-33435 | Weblate: Remote code execution during backup restoration | CWE-23 | 8.1 | High | 2026-04-15 |
| CVE-2026-33220 | Weblate: JavaScript localization CDN add-on allows arbitrary local file read outside the repository | CWE-22 | 6.8 | Medium | 2026-04-15 |
| CVE-2026-33214 | Weblate has improper access control for the translation memory API | CWE-862 | 4.3 | Medium | 2026-04-15 |
| CVE-2026-33212 | Weblate: Improper access control for pending tasks in API | CWE-284 | 3.1 | Low | 2026-04-15 |
| CVE-2026-27457 | Weblate: Missing access control for the AddonViewSet API exposes all addon configurations | CWE-862 | 4.3 | Medium | 2026-02-26 |
| CVE-2026-24126 | Weblate has an argument injection in management console | CWE-88 | 6.6 | Medium | 2026-02-18 |
| CVE-2026-21889 | Weblate leaks information via screenshots | CWE-284 | 5.3 (AI) | Medium (AI) | 2026-01-14 |
| CVE-2025-68398 | Weblate has git config file overwrite vulnerability that leads to remote code execution | CWE-20 | 9.1 | Critical | 2025-12-18 |
| CVE-2025-68279 | Weblate has an arbitrary file read via symbolic links | CWE-22 | 7.7 | High | 2025-12-18 |
| CVE-2025-67715 | Weblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR) | CWE-284 | 4.3 | Medium | 2025-12-16 |
| CVE-2025-67492 | Weblate's over-permissive webhook endpoint enables mass repository updates and component enumeration | CWE-1286 | 5.3 | Medium | 2025-12-16 |
| CVE-2025-66407 | Weblate has Server-Side Request Forgery vulnerability | CWE-352 | 5.0 | Medium | 2025-12-15 |
| CVE-2025-64725 | Weblate has improper validation upon invitation acceptance | CWE-286 | 4.3 (AI) | Medium (AI) | 2025-12-15 |
| CVE-2025-64326 | Weblate leaks the IP of project members inviting users to assume reviewer roles in Audit log | CWE-212 | 2.6 | Low | 2025-11-06 |
| CVE-2025-61587 | Weblate integration with Anubis can lead to Open Redirect via redir parameter | CWE-601 | 6.1 | - | 2025-10-01 |
| CVE-2025-58352 | Weblate has long session expiry times during second factor verification | CWE-613 | - | - | 2025-09-04 |
| CVE-2025-49134 | Weblate exposes personal IP address via e-mail | CWE-359 | 5.3 (AI) | Medium (AI) | 2025-06-16 |
| CVE-2025-47951 | Weblate lacks rate limiting when verifying second factor | CWE-307 | 4.9 | Medium | 2025-06-16 |
| CVE-2025-32021 | Weblate VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintext | CWE-598 | 2.2 | Low | 2025-04-15 |
| CVE-2024-39303 | Weblate vulnerable to improper sanitization of project backups | CWE-73 | 4.4 | Medium | 2024-07-01 |

Scores and severities marked (AI) carried the page's AI badge rather than a value taken from the advisory.
