Package impact
PyPI / weblate
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-66407 | medium | — | 5.5 | | | | 3d ago | Weblate has a Server-Side Request Forgery issue |
| CVE-2026-45106 | medium | — | 5.5 | | | | 14d ago | Weblate: Stored HTML injection in editor search preview |
| CVE-2026-41519 | medium | 5.4 | 5.4 | | | | 29d ago | Weblate Doesn't Invalidate API Token on Password Change |
| CVE-2017-5537 | medium | 5.3 | 5.3 | | | | 9y ago | The password reset form in Weblate before 2.10.1 provides different error messages depending on whether the email address is associated with an account, which allows remote attackers to enumerate use… |
| CVE-2026-44263 | medium | 4.3 | 4.3 | | | | 23d ago | Weblate Vulnerable to Private Translation Enumeration via Screenshot API |
| CVE-2026-44264 | medium | 4.3 | 4.3 | | | | 23d ago | Weblate vulnerable to XSS via crafted Markdown |