Weblate - HackerOne Reports
Total Reports: 147
Critical: 0
High: 3
Medium: 20
Low: 61
Running 2 accounts with a single email #3
Reported by:
footstep
|
Disclosed:
Weakness: Business Logic Errors
[debian.weblate.org]-Missing SPF Record
Reported by:
hackerhero
|
Disclosed:
Low
Weakness: Violation of Secure Design Principles
Reset password more than once with a reset link #2
Reported by:
footstep
|
Disclosed:
Weakness: Business Logic Errors
Error Message When Changing Username
Reported by:
blake12356
|
Disclosed:
Weakness: Business Logic Errors
Previous password could set as new password
Reported by:
footstep
|
Disclosed:
The username of an account can be ..
Reported by:
blake12356
|
Disclosed:
Weakness: Business Logic Errors
Password token validation in Weblate Bypass
Reported by:
footstep
|
Disclosed:
Weakness: Improper Authentication - Generic
Improper validation of unicode characters #3
Reported by:
footstep
|
Disclosed:
No Rate Limitation on Regenerate Api Key
Reported by:
footstep
|
Disclosed:
Improper validation of unicode characters still not fixed #2
Reported by:
footstep
|
Disclosed:
No notification sent on email after account deletion.
Reported by:
mansoor_gilal
|
Disclosed:
Self-XSS can be achieved in the editor link using filter bypass
Reported by:
sp1d3rs
|
Disclosed:
Weakness: Cross-site Scripting (XSS) - Generic
Password token validation in https://demo.weblate.org/
Reported by:
brdoors3
|
Disclosed:
Weakness: Improper Authentication - Generic
Captcha bypass at registration
Reported by:
proabiral
|
Disclosed:
Low
Old password can be new password
Reported by:
proabiral
|
Disclosed:
Low
Password Restriction
Reported by:
chols
|
Disclosed:
Low
Weakness: Violation of Secure Design Principles
Rate Limit Issue on hosted.weblate.org
Reported by:
imran_hadid
|
Disclosed:
Low
Weakness: Improper Restriction of Authentication Attempts
Insecure Account Removal #2
Reported by:
japz
|
Disclosed:
Low
Weakness: Violation of Secure Design Principles
Login CSRF : Login Authentication Flaw
Reported by:
japz
|
Disclosed:
Medium
Weakness: Cross-Site Request Forgery (CSRF)
Reset password more than once with a reset link
Reported by:
footstep
|
Disclosed:
Weakness: Business Logic Errors