| CVE-2026-41654 |
high |
8.1 |
8.1 |
|
|
|
23d ago |
Weblate Vulnerable to Authenticated SSRF via Project Backup Import bypassing validate_repo_url |
| CVE-2025-66407 |
medium |
— |
5.5 |
|
|
|
4d ago |
Weblate has a Server-Side Request Forgery issue |
| CVE-2026-45106 |
medium |
— |
5.5 |
|
|
|
15d ago |
Weblate: Stored HTML injection in editor search preview |
| CVE-2026-41519 |
medium |
5.4 |
5.4 |
|
|
|
1mo ago |
Weblate Doesn't Invalidate API Token on Password Change |
| CVE-2017-5537 |
medium |
5.3 |
5.3 |
|
|
|
9y ago |
The password reset form in Weblate before 2.10.1 provides different error messages depending on whether the email address is associated with an account, which allows remote attackers to enumerate use… |
| CVE-2026-44263 |
medium |
4.3 |
4.3 |
|
|
|
23d ago |
Weblate Vulnerable to Private Translation Enumeration via Screenshot API |
| CVE-2026-44264 |
medium |
4.3 |
4.3 |
|
|
|
24d ago |
Weblate vulnerable to XSS via crafted Markdown |