Obscuredeer

**Name of the Vulnerable Software and Affected Versions** Weblate versions prior to 5.12 **Description** The verification of the second factor was not subject to rate limiting, allowing an attacker with valid credentials to automate OTP guessing via the second factor endpoint. **Recommendations** For versions prior to 5.12, update to version 5.12 to resolve the issue. As a temporary workaround, consider restricting access to the second factor endpoint to minimize the risk of exploitation.