CVE-2025-47951

Medium CVSS: 4.9

Weblate is a web based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. This issue has been patched in version 5.12.

Vendor

Weblate

Product

Weblate

CWE

CWE-307

Yayın Tarihi

2025-06-16 21:15:24

Güncelleme

2025-07-16 14:32:59

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-307 Weblate MEDIUM Weblate 2025

Referanslar

https://github.com/WeblateOrg/weblate/commit/f806293451248c5d95e45b3b507e9d158bc4f384 https://github.com/WeblateOrg/weblate/pull/14918 https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.12.1 https://github.com/WeblateOrg/weblate/security/advisories/GHSA-57jg-m997-cx3q https://hackerone.com/reports/3150564

Benzer Kayıtlar

Medium

CVE-2026-27457

Weblate is a web based localization tool. Prior to version 5.16.1, the REST API's `AddonViewSet` (`weblate/api/views.py`…

Medium

CVE-2026-24126

Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not validate the passed input…

High

CVE-2026-23535

wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.2, the multi-translation download could wri…

Low

CVE-2026-21889

Weblate is a web based localization tool. Prior to 5.15.2, the screenshot images were served directly by the HTTP server…

Low

CVE-2026-22250

wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, the SSL verification would be skipped fo…

Medium

CVE-2026-22251

wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, wlc supported providing unscoped API key…