PatchSiren

WeblateOrg CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM WeblateOrg CVE published 2026-06-10

CVE-2026-50127

CVE-2026-50127 is a MEDIUM severity vulnerability in Weblate, a web-based localization tool. Versions from 5.15 up to, but not including, 2026.6 are affected because of improper IP range restrictions. The `VCS_RESTRICT_PRIVATE` setting did not correctly account for certain IPv6 transitional ranges, multicast addresses, and semi-private IPv4 ranges. This oversight allowed some addresses to bypass private range restrictions. T [truncated]

MEDIUM WeblateOrg CVE published 2026-06-10

CVE-2026-45106

CVE-2026-45106 is a MEDIUM severity vulnerability in Weblate, a web-based localization tool. Prior to version 2026.5, Weblate's live search preview renders unit source and context as HTML without escaping. This allows any contributor whose content reaches those fields to store HTML and CSS that run inside the authenticated editor of every user who runs a matching search. The vulnerability has been patche [truncated]