Lucene search
K

10 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/05/07 2:29 p.m.15 views

Security Bulletin: IBM Maximo Scheduler Optimizer uses werkzeug-3.1.5-py3-none-any.whl which is vulnerable to CVE-2026-27199

Summary IBM Maximo Scheduler Optimizer uses werkzeug-3.1.5-py3-none-any.whl which is vulnerable to CVE-2026-27199. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-27199 DESCRIPTION: Werkzeug is a comprehensive WSGI web applicati...

6.3CVSS5.7AI score0.00556EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/28 10:45 p.m.7 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in werkzeug-3.1.5-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in werkzeug-3.1.5-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-27199 DESCRIPTION: Werkzeug is a comprehensive WSGI web application library. Versions 3.1.5 and below, the safejoin function allows Windows device names as...

6.3CVSS5.2AI score0.00556EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/06 2:27 p.m.7 views

Security Bulletin: IBM Maximo Application Suite uses python-ldap-3.4.4.tar.gz, werkzeug-3.1.4-py3-none-any.whl and werkzeug-3.1.3-py3-none-any.whl which is vulnerable to CVE-2025-61911, CVE-2025-61912, CVE-2026-27199 and CVE-2026-21860.

Summary IBM Maximo Application Suite uses python-ldap-3.4.4.tar.gz, werkzeug-3.1.4-py3-none-any.whl and werkzeug-3.1.3-py3-none-any.whl which is vulnerable to CVE-2025-61911, CVE-2025-61912, CVE-2026-27199 and CVE-2026-21860. This bulletin contains information regarding the vulnerability and its...

6.9CVSS6.4AI score0.00556EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/06 1:59 p.m.4 views

Security Bulletin: Maximo AI Service uses werkzeug-3.1.5-py3-none-any.wh which is vulnerable to CVE-2026-27199.

Summary Maximo AI Service uses werkzeug-3.1.5-py3-none-any.wh which is vulnerable to CVE-2026-27199. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-27199 DESCRIPTION: Werkzeug is a comprehensive WSGI web application library...

6.3CVSS6.5AI score0.00556EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/06 10:16 a.m.6 views

Security Bulletin: There is a vulnerability in werkzeug-3.1.5-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-27199)

Summary There is a vulnerability in werkzeug-3.1.5-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-27199 DESCRIPTION: Werkzeug is a comprehensive WSGI web application library. Versions 3.1.5 and below, the safejoin...

6.3CVSS5.8AI score0.00556EPSS
Exploits1Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/23 1:31 p.m.5 views

CVE-2026-27199

Werkzeug is a comprehensive WSGI web application library. Versions 3.1.5 and below, the safejoin function allows Windows device names as filenames if preceded by other path segments. This was previously reported as GHSA-hgf8-39gv-g3f2, but the added filtering failed to account for the fact that...

6.3CVSS5.2AI score0.00556EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/02/21 6:17 a.m.7 views

CVE-2026-27199

Werkzeug is a comprehensive WSGI web application library. Versions 3.1.5 and below, the safejoin function allows Windows device names as filenames if preceded by other path segments. This was previously reported as GHSA-hgf8-39gv-g3f2, but the added filtering failed to account for the fact that...

6.3CVSS6.4AI score0.00556EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/21 5:15 a.m.7 views

CVE-2026-27199 Werkzeug safe_join() allows Windows special device names

Werkzeug is a comprehensive WSGI web application library. Versions 3.1.5 and below, the safejoin function allows Windows device names as filenames if preceded by other path segments. This was previously reported as GHSA-hgf8-39gv-g3f2, but the added filtering failed to account for the fact that...

6.3CVSS5.2AI score0.00556EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/02/21 5:15 a.m.6 views

CVE-2026-27199

Werkzeug is a comprehensive WSGI web application library. Versions 3.1.5 and below, the safejoin function allows Windows device names as filenames if preceded by other path segments. This was previously reported as GHSA-hgf8-39gv-g3f2, but the added filtering failed to account for the fact that...

6.3CVSS5.3AI score0.00556EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/02/19 8:32 p.m.6 views

abilian-sbe (>=1.1.0 <=1.1.12), acfx (>=0.3.1 <=0.3.7.dev2) +701 more potentially affected by CVE-2025-66221 +1 more via werkzeug (>=3.0.0 <=3.1.5)

werkzeug PYPI version =3.0.0, =1.1.0, =0.3.1, =4.11.0, =1.0.0, =0.1.3, =0.2.4.1, =0.0.1, =1.3.0, =0.1.0, =0.1.1, =0.5.7, =0.1.0, =0.4.0 and more Source cves: CVE-2025-66221, CVE-2026-27199 Source advisory: SNYK:PYTHON-WERKZEUG-15322677...

6.3CVSS5.8AI score0.00556EPSS
Exploits1
Rows per page
Query Builder