CVE-2026-45106

Publié : 10 juin 2026

Modifié : 10 juin 2026

Score CVSS

4.6

MEDIUM

Description détaillée

Weblate is a web based localization tool. Prior to version 2026.5, Weblate's live search preview renders unit source and context as HTML without escaping. Any contributor whose content reaches those fields stores HTML and CSS that runs inside the authenticated editor of every user who runs a matching search. This issue has been patched in version 2026.5.

Vecteur d'attaque (CVSS)

Vecteur brut :CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Références et Patchs

https://github.com/WeblateOrg/weblate/pull/19422 https://github.com/WeblateOrg/weblate/releases/tag/weblate-2026.5 https://github.com/WeblateOrg/weblate/security/advisories/GHSA-6wxc-8mgq-w26m

Dernières Vulnérabilités

CVE-2026-53465

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-25, a crafted multi-frame can result in a heap buffer over-write when encoding it with the SF3 encoder. This issue has been patched in version 7.1.2-25.

VOIR DÉTAILS

CVE-2026-53464

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-25, when providing invalid options to the wand option parser a small memory leak will occur. This issue has been patched in version 7.1.2-25.

VOIR DÉTAILS

CVE-2026-53463

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, when passing incorrect arguments in the distort operation a null pointer deference will occur. This issue has been patched in versions 6.9.13-50 and 7.1.2-25.

VOIR DÉTAILS