weblateorg

Top products

The 15 most recently published vulnerabilities affecting weblateorg.

• CVE-2026-45106Weblate: Stored HTML injection in editor search preview4.6Jun 10, 2026
• CVE-2026-50127Weblate SSRF: outbound URL guard misses the NAT64 well-known prefix (64:ff9b::/96)5.9Jun 10, 2026
• CVE-2026-42150wlc: print_html outputs API data without HTML escaping, enabling stored XSS5.1May 8, 2026
• CVE-2026-44264Weblate is vulnerable to XSS via crafted Markdown4.3May 7, 2026
• CVE-2026-44263Weblate: Private Translation Enumeration via Screenshot API4.3May 7, 2026
• CVE-2026-41519Weblate's API Token Not Invalidated on Password Change4.2May 7, 2026
• CVE-2026-41654Weblate is Vulnerable to Authenticated SSRF via Project Backup Import bypassing validate_repo_url8.1May 7, 2026
• CVE-2026-40256Weblate: Prefix-Based Repository Boundary Check Bypass via Symlink/Junction Path Prefix Collision5.0Apr 15, 2026
• CVE-2026-39845Weblate: SSRF via the webhook add-on using unprotected fetch_url()4.1Apr 15, 2026
• CVE-2026-34393Weblate: Privilege escalation in the user API endpoint8.8Apr 15, 2026
• CVE-2026-34244Weblate: SSRF via Project-Level Machinery Configuration5.0Apr 15, 2026
• CVE-2026-34242Weblate: Arbitrary File Read via Symlink7.7Apr 15, 2026
• CVE-2026-33440Weblate: Authenticated SSRF via redirect bypass of ALLOWED_ASSET_DOMAINS in screenshot URL uploads5.0Apr 15, 2026
• CVE-2026-33435Weblate: Remote code execution during backup restoration8.0Apr 15, 2026
• CVE-2026-33220Weblate: JavaScript localization CDN add-on allows arbitrary local file read outside the repository6.8Apr 15, 2026