Known Vulnerabilities for products from Weblate

Listed below are 19 of the newest known vulnerabilities associated with the vendor "Weblate".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE	Shortened Description	Severity	Publish Date	Last Modified
CVE-2026-44264 json	Weblate is a web based localization tool. Prior to version 5.17.1, the Markdown renderer used in user comments and other user...	Not Provided	2026-05-07	2026-05-11
CVE-2026-44263 json	Weblate is a web based localization tool. Prior to version 5.17.1, the screenshots, tasks, and component link API allowed for...	Not Provided	2026-05-07	2026-05-11
CVE-2026-42150 json	wlc is a Weblate command-line client using Weblate's REST API. Prior to version 2.0.0, the HTML output format in wlc embeds A...	Not Provided	2026-05-08	2026-05-12
CVE-2026-41654 json	Weblate is a web based localization tool. Prior to version 5.17.1, an authenticated user with project.add permission (default...	Not Provided	2026-05-07	2026-05-11
CVE-2026-41519 json		Not Provided	2026-05-07	2026-05-07
CVE-2026-40256 json	Weblate is a web based localization tool. In versions prior to 5.17, repository-boundary validation relies on string prefix c...	Not Provided	2026-04-15	2026-04-21
CVE-2026-39845 json	Weblate is a web based localization tool. In versions prior to 5.17, the webhook add-on did not utilize existing SSRF protect...	Not Provided	2026-04-15	2026-04-21
CVE-2026-34393 json	Weblate is a web based localization tool. In versions prior to 5.17, the user patching API endpoint didn't properly limit the...	Not Provided	2026-04-15	2026-04-21
CVE-2026-34244 json	Weblate is a web based localization tool. In versions prior to 5.17, a user with the project.edit permission (granted by the ...	Not Provided	2026-04-15	2026-04-21
CVE-2026-34242 json	Weblate is a web based localization tool. In versions prior to 5.17, the ZIP download feature didn't verify downloaded files,...	Not Provided	2026-04-15	2026-04-21
CVE-2026-33440 json	Weblate is a web based localization tool. In versions prior to 5.17, the ALLOWED_ASSET_DOMAINS setting applied only to the fi...	Not Provided	2026-04-15	2026-04-21
CVE-2026-33435 json	Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial confi...	Not Provided	2026-04-15	2026-04-21
CVE-2026-33220 json	Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints,...	Not Provided	2026-04-15	2026-04-21
CVE-2026-33214 json	Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints,...	Not Provided	2026-04-15	2026-04-21
CVE-2026-33212 json	Weblate is a web based localization tool. In versions prior to 5.17, the tasks API didn't verify user access for pending task...	Not Provided	2026-04-15	2026-04-21
CVE-2022-24727 json	RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new secur...	Not Provided	2022-03-04	2023-11-07
CVE-2022-24710 json	RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new secur...	5.4 - MEDIUM	2022-02-25	2022-03-08
CVE-2022-23915 json	The package weblate from 0 and before 4.11.1 are vulnerable to Remote Code Execution (RCE) via argument injection when using ...	8.8 - HIGH	2022-03-04	2022-03-12
CVE-2017-5537 json	The password reset form in Weblate before 2.10.1 provides different error messages depending on whether the email address is ...	Not Provided	2017-03-15	2025-04-20

Known software with vulnerabilities from Weblate

Type	Vendor	Product	Version
Application	Weblate	Weblate	0.1