CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

30 matches found

RedhatCVE•added 2026/04/27 1:22 p.m.•3 views

CVE-2026-7041

A vulnerability was detected in 666ghj MiroFish up to 0.1.2. The impacted element is an unknown function of the file /console of the component Werkzeug Debugger PIN Handler. Performing a manipulation of the argument SECRET results in information disclosure. It is possible to initiate the attack...

6.3CVSS4.5AI score0.00014EPSS

Exploits0References1

NVD•added 2026/04/26 1:16 p.m.•0 views

CVE-2026-7041

6.3CVSS0.00014EPSS

Exploits0References5

Vulnrichment•added 2026/04/26 12:45 p.m.•2 views

CVE-2026-7041 666ghj MiroFish Werkzeug Debugger PIN console information disclosure

6.3CVSS4.6AI score0.00014EPSS

Exploits0References5

ATTACKERKB•added 2026/04/26 12:45 p.m.•2 views

CVE-2026-7041

6.3CVSS4.5AI score0.00014EPSS

Exploits0References5Affected Software1

CNNVD•added 2026/04/26 12:0 a.m.•3 views

MiroFish 信息泄露漏洞

MiroFish is a crowd intelligence prediction engine developed by BaiFu personally. It is used to simulate and predict the future. Versions of MiroFish prior to 0.1.2 have a vulnerability related to information leakage. This vulnerability stems from improper handling of the SECRET parameter in the...

6.3CVSS5.8AI score0.00014EPSS

Exploits0References2

Positive Technologies•added 2026/04/26 12:0 a.m.•2 views

PT-2026-35223

6.3CVSS4.9AI score0.00014EPSS

Exploits0References6

RedHat Linux•added 2025/05/07 12:48 p.m.•1 views

python-werkzeug: user may execute code on a developer's machine

A flaw was found in Werkzeug, where an attacker may be able to execute code on a developer's machine under some circumstances. This issue requires the attacker to get the developer to interact with a domain and subdomain they control and enter the debugger PIN; if they are successful, it allows...

7.5CVSS7.4AI score0.4365EPSS

Exploits0References6

Debian•added 2025/02/21 4:13 p.m.•9 views

[SECURITY] [DLA 4062-1] python-werkzeug security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4062-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb February 21, 2025 https://wiki.debian.org/LTS -...

7.5CVSS6.8AI score0.4365EPSS

Exploits0

RedHat Linux•added 2024/12/02 3:56 p.m.•3 views

python-werkzeug: user may execute code on a developer's machine

7.5CVSS7.4AI score0.4365EPSS

Exploits0References6

RedHat Linux•added 2024/11/21 9:29 a.m.•7 views

python-werkzeug: user may execute code on a developer's machine

7.5CVSS7.4AI score0.4365EPSS

Exploits0References6

RedHat Linux•added 2024/11/21 9:28 a.m.•2 views

python-werkzeug: user may execute code on a developer's machine

7.5CVSS7.4AI score0.4365EPSS

Exploits0References6

RedHat Linux•added 2024/09/05 6:33 a.m.•2 views

python-werkzeug: user may execute code on a developer's machine

7.5CVSS7.4AI score0.4365EPSS

Exploits0References6

RedHat Linux•added 2024/08/29 3:20 a.m.•2 views

python-werkzeug: user may execute code on a developer's machine

7.5CVSS7.4AI score0.4365EPSS

Exploits0References6

OSV•added 2024/05/06 3:15 p.m.•3 views

AZL-40466 CVE-2024-34069 affecting package python-werkzeug for versions less than 2.3.7-2

Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, an...

7.5CVSS6.9AI score0.4365EPSS

Exploits0References1

OSV•added 2024/05/06 2:21 p.m.•3 views

GHSA-2G68-C3QC-8985 Werkzeug debugger vulnerable to remote execution when interacting with attacker controlled domain

The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and enter the debugger PIN, but if they are successful it...

7.5CVSS7.3AI score0.4365EPSS

Exploits0References8

Positive Technologies•added 2024/05/06 12:0 a.m.•2 views

PT-2024-25679

Name of the Vulnerable Software and Affected Versions Werkzeug versions prior to 3.0.3 Description The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact wit...

8CVSS7.6AI score0.4365EPSS

Exploits0References55

SUSE CVE•added 2023/02/15 4:9 a.m.•1 views

SUSE CVE-2019-14806

Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id...

6.2CVSS7AI score0.00259EPSS

Exploits0References18

Tenable Nessus•added 2022/11/17 12:0 a.m.•28 views

SUSE SLES12 Security Update : python-Werkzeug (SUSE-SU-2022:3977-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3977-1 advisory. - Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same...

7.5CVSS6.8AI score0.00259EPSS

Exploits0References4

OSV•added 2020/12/01 1:57 p.m.•1 views

USN-4655-1 python-werkzeug vulnerabilities

It was discovered that Werkzeug has insufficient debugger PIN randomness. An attacker could use this issue to access sensitive information. This issue only affected Ubuntu 18.04 LTS. CVE-2019-14806 It was discovered that Werkzeug incorrectly handled certain URLs. An attacker could possibly use th...

7.5CVSS6.7AI score0.00923EPSS

Exploits1References3

Ubuntu•added 2020/12/01 1:57 p.m.•253 views

USN-4655-1: Werkzeug vulnerabilities

7.5CVSS6.5AI score0.00923EPSS

Exploits1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by