Lucene search
+L

30 matches found

redhatcve
redhatcve
added 2026/04/27 1:22 p.m.7 views

CVE-2026-7041

A vulnerability was detected in 666ghj MiroFish up to 0.1.2. The impacted element is an unknown function of the file /console of the component Werkzeug Debugger PIN Handler. Performing a manipulation of the argument SECRET results in information disclosure. It is possible to initiate the attack...

6.3CVSS4.5AI score0.00412EPSS
Exploits0References1
nvd
nvd
added 2026/04/26 1:16 p.m.11 views

CVE-2026-7041

A vulnerability was detected in 666ghj MiroFish up to 0.1.2. The impacted element is an unknown function of the file /console of the component Werkzeug Debugger PIN Handler. Performing a manipulation of the argument SECRET results in information disclosure. It is possible to initiate the attack...

6.3CVSS0.00412EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2026/04/26 12:45 p.m.5 views

CVE-2026-7041 666ghj MiroFish Werkzeug Debugger PIN console information disclosure

A vulnerability was detected in 666ghj MiroFish up to 0.1.2. The impacted element is an unknown function of the file /console of the component Werkzeug Debugger PIN Handler. Performing a manipulation of the argument SECRET results in information disclosure. It is possible to initiate the attack...

6.3CVSS4.6AI score0.00412EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/04/26 12:45 p.m.10 views

CVE-2026-7041

A vulnerability was detected in 666ghj MiroFish up to 0.1.2. The impacted element is an unknown function of the file /console of the component Werkzeug Debugger PIN Handler. Performing a manipulation of the argument SECRET results in information disclosure. It is possible to initiate the attack...

6.3CVSS4.5AI score0.00412EPSS
Exploits0References5Affected Software1
cnnvd
cnnvd
added 2026/04/26 12:0 a.m.9 views

MiroFish 信息泄露漏洞

MiroFish is a crowd intelligence prediction engine developed by BaiFu personally. It is used to simulate and predict the future. Versions of MiroFish prior to 0.1.2 have a vulnerability related to information leakage. This vulnerability stems from improper handling of the SECRET parameter in the...

6.3CVSS5.8AI score0.00412EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/04/26 12:0 a.m.11 views

PT-2026-35223

A vulnerability was detected in 666ghj MiroFish up to 0.1.2. The impacted element is an unknown function of the file /console of the component Werkzeug Debugger PIN Handler. Performing a manipulation of the argument SECRET results in information disclosure. It is possible to initiate the attack...

6.3CVSS4.9AI score0.00412EPSS
Exploits0References6
redhat
redhat
added 2025/05/07 12:48 p.m.4 views

python-werkzeug: user may execute code on a developer's machine

A flaw was found in Werkzeug, where an attacker may be able to execute code on a developer's machine under some circumstances. This issue requires the attacker to get the developer to interact with a domain and subdomain they control and enter the debugger PIN; if they are successful, it allows...

7.5CVSS7.4AI score0.03397EPSS
Exploits0References6
debian
debian
added 2025/02/21 4:13 p.m.11 views

[SECURITY] [DLA 4062-1] python-werkzeug security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4062-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb February 21, 2025 https://wiki.debian.org/LTS -...

7.5CVSS6.8AI score0.03397EPSS
Exploits0
redhat
redhat
added 2024/12/02 3:56 p.m.5 views

python-werkzeug: user may execute code on a developer's machine

A flaw was found in Werkzeug, where an attacker may be able to execute code on a developer's machine under some circumstances. This issue requires the attacker to get the developer to interact with a domain and subdomain they control and enter the debugger PIN; if they are successful, it allows...

7.5CVSS7.4AI score0.03397EPSS
Exploits0References6
redhat
redhat
added 2024/11/21 9:29 a.m.10 views

python-werkzeug: user may execute code on a developer's machine

A flaw was found in Werkzeug, where an attacker may be able to execute code on a developer's machine under some circumstances. This issue requires the attacker to get the developer to interact with a domain and subdomain they control and enter the debugger PIN; if they are successful, it allows...

7.5CVSS7.4AI score0.03397EPSS
Exploits0References6
redhat
redhat
added 2024/11/21 9:28 a.m.6 views

python-werkzeug: user may execute code on a developer's machine

A flaw was found in Werkzeug, where an attacker may be able to execute code on a developer's machine under some circumstances. This issue requires the attacker to get the developer to interact with a domain and subdomain they control and enter the debugger PIN; if they are successful, it allows...

7.5CVSS7.4AI score0.03397EPSS
Exploits0References6
redhat
redhat
added 2024/09/05 6:33 a.m.4 views

python-werkzeug: user may execute code on a developer's machine

A flaw was found in Werkzeug, where an attacker may be able to execute code on a developer's machine under some circumstances. This issue requires the attacker to get the developer to interact with a domain and subdomain they control and enter the debugger PIN; if they are successful, it allows...

7.5CVSS7.4AI score0.03397EPSS
Exploits0References6
redhat
redhat
added 2024/08/29 3:20 a.m.3 views

python-werkzeug: user may execute code on a developer's machine

A flaw was found in Werkzeug, where an attacker may be able to execute code on a developer's machine under some circumstances. This issue requires the attacker to get the developer to interact with a domain and subdomain they control and enter the debugger PIN; if they are successful, it allows...

7.5CVSS7.4AI score0.03397EPSS
Exploits0References6
osv
osv
added 2024/05/06 3:15 p.m.8 views

AZL-40466 CVE-2024-34069 affecting package python-werkzeug for versions less than 2.3.7-2

Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, an...

7.5CVSS6.9AI score0.03397EPSS
Exploits0References1
osv
osv
added 2024/05/06 2:21 p.m.5 views

GHSA-2G68-C3QC-8985 Werkzeug debugger vulnerable to remote execution when interacting with attacker controlled domain

The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and enter the debugger PIN, but if they are successful it...

7.5CVSS7.3AI score0.03397EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2024/05/06 12:0 a.m.4 views

PT-2024-25679

Name of the Vulnerable Software and Affected Versions Werkzeug versions prior to 3.0.3 Description The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact wit...

7.6CVSS7.6AI score0.03397EPSS
Exploits0References213
susecve
susecve
added 2023/02/15 4:9 a.m.5 views

SUSE CVE-2019-14806

Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id...

6.2CVSS7AI score0.02288EPSS
Exploits0References18
nessus
nessus
added 2022/11/17 12:0 a.m.28 views

SUSE SLES12 Security Update : python-Werkzeug (SUSE-SU-2022:3977-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3977-1 advisory. - CVE-2019-14806: Fixed insufficient debugger PIN randomness when running the development server in Docker containers bsc1145383. Tenable ha...

7.5CVSS6.9AI score0.02288EPSS
Exploits0References4
ubuntu
ubuntu
added 2020/12/01 1:57 p.m.261 views

USN-4655-1: Werkzeug vulnerabilities

It was discovered that Werkzeug has insufficient debugger PIN randomness. An attacker could use this issue to access sensitive information. This issue only affected Ubuntu 18.04 LTS. CVE-2019-14806 It was discovered that Werkzeug incorrectly handled certain URLs. An attacker could possibly use th...

7.5CVSS6.5AI score0.02288EPSS
Exploits1
osv
osv
added 2020/12/01 1:57 p.m.7 views

USN-4655-1 python-werkzeug vulnerabilities

It was discovered that Werkzeug has insufficient debugger PIN randomness. An attacker could use this issue to access sensitive information. This issue only affected Ubuntu 18.04 LTS. CVE-2019-14806 It was discovered that Werkzeug incorrectly handled certain URLs. An attacker could possibly use th...

7.5CVSS6.7AI score0.02288EPSS
Exploits1References3
Rows per page
Query Builder