Weblate - HackerOne Reports
Total Reports: 147 | Critical: 0 | High: 3 | Medium: 20 | Low: 61
CSRF bypass (Delete Source Translation From dictionaries) in demo.weblate.org
Reported by: sup3r-b0y | Disclosed | Severity: Medium
Weakness: Cross-Site Request Forgery (CSRF)

Testing flow includes a DeepSource secret
Reported by: triplesided | Disclosed | Severity: Low
Weakness: Use of Hard-coded Credentials

Account Restore / Reactivating an old email via old reset link
Reported by: footstep | Disclosed

Send Empty CSRF leads to log out user on [https://hosted.weblate.org/accounts/profile]
Reported by: homaa | Disclosed | Severity: Low
Weakness: Cross-Site Request Forgery (CSRF)

Missing Restriction On String Size
Reported by: alyanwarr | Disclosed
Weakness: Memory Corruption - Generic

No rate limit or captcha to identify humans
Reported by: alyanwarr | Disclosed
Weakness: Violation of Secure Design Principles

Browser Self XSS Protection not implemented
Reported by: hallaleen | Disclosed
Weakness: Information Disclosure

Broken Authentication – Session Token bug
Reported by: code_monkey | Disclosed

Race Condition allows getting more free trials and more than 100 languages and strings for free
Reported by: b9cc1792602cc31402c20c9 | Disclosed | Severity: Low
Weakness: Business Logic Errors

Account Takeover using Third party Auth CSRF
Reported by: ansariosama | Disclosed | Severity: High
Weakness: Cross-Site Request Forgery (CSRF)

Open Github Repo Leaking WEBLATE SECRET KEY
Reported by: nafisaqil | Disclosed
Weakness: Cleartext Storage of Sensitive Information

Full Name Overwrite on Third party login
Reported by: footstep | Disclosed

Improper validation of unicode characters still not fixed
Reported by: footstep | Disclosed

Running 2 accounts with a single email [Part 2]
Reported by: footstep | Disclosed
Weakness: Business Logic Errors

Persistence of Third Party Association.
Reported by: footstep | Disclosed
Weakness: Business Logic Errors

CSRF to Connect third party Account
Reported by: idiablos | Disclosed | Severity: Medium
Weakness: Cross-Site Request Forgery (CSRF)

Missing filtering of meta characters in full name field on registration page https://demo.weblate.org/accounts/register
Reported by: sumit7 | Disclosed
Weakness: Violation of Secure Design Principles

full path disclosure at hosted.weblate.org/admin/accounts/profile/
Reported by: geekdad | Disclosed | Severity: Medium
Weakness: Path Traversal

7BO: Binary Option Robot URL should be HTTPS
Reported by: bf7e43565d8cf54de3bc5a7 | Disclosed

exposure of personal IP address via email.
Reported by: micael1 | Disclosed
Weakness: Privacy Violation