Weblate: >> Weblate >> 5.14.3 Security Vulnerabilities
Weblate is a web based localization tool. In versions prior to 5.15, it was possible to retrieve user notification settings or list all users via API. Version 5.15 fixes the issue.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-12-16
Weblate is a web based localization tool. In versions prior to 5.15, it was possible to trigger repository updates for many repositories via a crafted webhook payload. Version 5.15 fixes the issue. As a workaround, disabling webhooks completely using ENABLE_HOOKS avoids this vulnerability.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-12-16
Weblate is a web based localization tool. In versions prior to 5.15, it was possible to accept an invitation opened by a different user. Version 5.15. contains a patch. As a workaround, avoid leaving one's Weblate sessions with an invitation opened unattended.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-12-15