Known Vulnerabilities for products from Weblate
Listed below are 14 of the newest known vulnerabilities associated with the vendor "Weblate".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-44264 json | Not Provided | 2026-05-07 | 2026-05-07 | |
| CVE-2026-44263 json | Not Provided | 2026-05-07 | 2026-05-07 | |
| CVE-2026-42150 json | Not Provided | 2026-05-08 | 2026-05-08 | |
| CVE-2026-41654 json | Not Provided | 2026-05-07 | 2026-05-07 | |
| CVE-2026-41519 json | Not Provided | 2026-05-07 | 2026-05-07 | |
| CVE-2026-40256 json | Not Provided | 2026-04-15 | 2026-04-16 | |
| CVE-2026-39845 json | Weblate is a web based localization tool. In versions prior to 5.17, the webhook add-on did not utilize existing SSRF protect... | Not Provided | 2026-04-15 | 2026-04-21 |
| CVE-2026-34393 json | Not Provided | 2026-04-15 | 2026-04-15 | |
| CVE-2026-34244 json | Weblate is a web based localization tool. In versions prior to 5.17, a user with the project.edit permission (granted by the ... | Not Provided | 2026-04-15 | 2026-04-21 |
| CVE-2026-34242 json | Weblate is a web based localization tool. In versions prior to 5.17, the ZIP download feature didn't verify downloaded files,... | Not Provided | 2026-04-15 | 2026-04-21 |
| CVE-2026-33440 json | Weblate is a web based localization tool. In versions prior to 5.17, the ALLOWED_ASSET_DOMAINS setting applied only to the fi... | Not Provided | 2026-04-15 | 2026-04-21 |
| CVE-2026-33435 json | Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial confi... | Not Provided | 2026-04-15 | 2026-04-21 |
| CVE-2026-33220 json | Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints,... | Not Provided | 2026-04-15 | 2026-04-21 |
| CVE-2026-33214 json | Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints,... | Not Provided | 2026-04-15 | 2026-04-21 |
| CVE-2026-33212 json | Weblate is a web based localization tool. In versions prior to 5.17, the tasks API didn't verify user access for pending task... | Not Provided | 2026-04-15 | 2026-04-21 |
| CVE-2022-24727 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | Not Provided | 2022-03-04 | 2023-11-07 |
| CVE-2022-24710 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.4 - MEDIUM | 2022-02-25 | 2022-03-08 |
| CVE-2022-23915 json | The package weblate from 0 and before 4.11.1 are vulnerable to Remote Code Execution (RCE) via argument injection when using ... | 8.8 - HIGH | 2022-03-04 | 2022-03-12 |
| CVE-2017-5537 json | The password reset form in Weblate before 2.10.1 provides different error messages depending on whether the email address is ... | 5.3 - MEDIUM | 2017-03-15 | 2017-03-21 |
Known software with vulnerabilities from Weblate
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Weblate | Weblate | 0.1 |