Weblate - HackerOne Reports
View on HackerOne
Total Reports: 147 | Critical: 0 | High: 3 | Medium: 20 | Low: 61
CSRF in watch/unwatch projects
Reported by: ashish_r_padelkar | Disclosed: | Severity: Low | Weakness: Cross-Site Request Forgery (CSRF)

Design flaw in session management of password reset
Reported by: asaxena2190 | Disclosed: | Weakness: Improper Access Control - Generic

Adding email lacks password validation
Reported by: proabiral | Disclosed: | Severity: Low

Missing restriction on string size
Reported by: proabiral | Disclosed: | Severity: Low

Improper validation of Unicode characters
Reported by: asaxena2190 | Disclosed: | Weakness: Violation of Secure Design Principles

No filtration of null characters in name field
Reported by: blake12356 | Disclosed: | Weakness: Violation of Secure Design Principles

DKIM records not present, email hijacking is possible.....
Reported by: kaamakya | Disclosed: | Weakness: Improper Authentication - Generic

CSP "script-src" includes "unsafe-inline" in weblate.org and demo.weblate.org
Reported by: mrnull1337 | Disclosed: | Weakness: Violation of Secure Design Principles

Application allowing old password to be set as new password | hosted.weblate.org
Reported by: sadhu16 | Disclosed:

Information disclosure
Reported by: aydinyunus | Disclosed: | Severity: Low

Improper cookie expiration | cookie expiration set to future
Reported by: sadhu16 | Disclosed: | Severity: Low

Uploaded XLF files result in external entity execution
Reported by: 4cad | Disclosed: | Severity: High | Weakness: XML External Entities (XXE)

API does not apply access controls to translations
Reported by: 4cad | Disclosed: | Severity: Low | Weakness: Improper Access Control - Generic

No rate limiting for Remove Account leads to huge mass mailings
Reported by: tanvir_0x | Disclosed: | Weakness: Business Logic Errors

Audit log validation
Reported by: mur90210 | Disclosed: | Weakness: Improper Neutralization of HTTP Headers for Scripting Syntax

Stored XSS @ /engage/<project_slug>
Reported by: lgian | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Stored

Reset password cookie leads to account takeover
Reported by: homaa | Disclosed: | Severity: Medium | Weakness: Reliance on Cookies without Validation and Integrity Checking in a Security Decision

No CAPTCHA for user registration and a weak question; attacker can spam email
Reported by: fr0nk | Disclosed: | Weakness: Violation of Secure Design Principles

Email spoofing at weblate.org
Reported by: pyrk2142 | Disclosed:

Reset password more than once with a reset link
Reported by: footstep | Disclosed: | Weakness: Business Logic Errors