724 matches found
ROOT-APP-PYPI-CVE-2024-49767 CVE-2024-49767 in rootio-Werkzeug - Patched by Root
Root has patched CVE-2024-49767 in the rootio-Werkzeug package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2024-34069 CVE-2024-34069 in rootio-Werkzeug - Patched by Root
Root has patched CVE-2024-34069 in the rootio-Werkzeug package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2023-46136 CVE-2023-46136 in rootio-Werkzeug - Patched by Root
Root has patched CVE-2023-46136 in the rootio-Werkzeug package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2024-49766 CVE-2024-49766 in rootio-Werkzeug - Patched by Root
Root has patched CVE-2024-49766 in the rootio-Werkzeug package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2025-66221 CVE-2025-66221 in rootio-Werkzeug - Patched by Root
Root has patched CVE-2025-66221 in the rootio-Werkzeug package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2023-25577 CVE-2023-25577 in rootio-Werkzeug - Patched by Root
Root has patched CVE-2023-25577 in the rootio-Werkzeug package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-27199 CVE-2026-27199 in rootio-werkzeug - Patched by Root
Root has patched CVE-2026-27199 in the rootio-werkzeug package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-21860 CVE-2026-21860 in rootio-Werkzeug - Patched by Root
Root has patched CVE-2026-21860 in the rootio-Werkzeug package for Root:PyPI. Multiple fixed versions available...
Pallets Werkzeug <0.15.5 - Local File Inclusion
Pallets Werkzeug before 0.15.5 is susceptible to local file inclusion because SharedDataMiddleware mishandles drive names such as C: in Windows pathnames. id: CVE-2019-14322 info: name: Pallets Werkzeug 0.15.5 - Local File Inclusion author: madrobot severity: high description: | Pallets Werkzeug...
CVE-2026-48544
Taipy 4.1.1, fixed in commit 129fd40, contains a path traversal vulnerability in the ElementLibrary.getresource method in taipy/gui/extension/library.py that allows unauthenticated attackers to escape the intended module directory by exploiting an incomplete path containment check using...
PT-2026-44007
Taipy 4.1.1, fixed in commit 129fd40, contains a path traversal vulnerability in the ElementLibrary.get resource method in taipy/gui/extension/library.py that allows unauthenticated attackers to escape the intended module directory by exploiting an incomplete path containment check using...
Security Bulletin: Vulnerability affect underscore-umd-min, werkzeug-3.1.5, flask-3.1.1, cryptography, aircompressor, pyasn1, http, log4j, apache2-build, commons-configuration, bcpkix-jdk18on, server-MariaDB, Jline, IBM COS Systems (April 2026)
Summary Vulnerability with underscore-umd-min CVE-2026-27601, werkzeug-3.1.5 CVE-2026-27199, flask-3.1.1-py3-nCVE-2026-27205, cryptographyCVE-2026-26007, aircompressorCVE-2025-67721, pyasn1CVE-2026-23490, http, log4jCVE-2025-68161, apache2-buildCVE-2025-55753, commons-configurationCVE-2024-29131,...
Astra Linux - уязвимость в python-werkzeug
Werkzeug is a comprehensive WSGI web application library. Browsers may allow “nameless” cookies that look like =value instead of key=value. A vulnerable browser may allow a compromised application on a neighboring subdomain to exploit this to set a cookie like =Host-test=bad for another subdomain...
Security Bulletin: Security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak
Summary A security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak. Python is used by IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes...
Security Bulletin: IBM Maximo Scheduler Optimizer uses werkzeug-3.1.5-py3-none-any.whl which is vulnerable to CVE-2026-27199
Summary IBM Maximo Scheduler Optimizer uses werkzeug-3.1.5-py3-none-any.whl which is vulnerable to CVE-2026-27199. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-27199 DESCRIPTION: Werkzeug is a comprehensive WSGI web applicati...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses Werkzeug which is vulnerable to CVE-2026-27199
Summary IBM Maximo Application Suite - Visual Inspection component uses Werkzeug which is vulnerable to CVE-2026-27199, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-27199 DESCRIPTION: Werkzeug is a comprehensive WSGI web...
Security Bulletin:Werkzeug safe_join function allows path segments with Windows device names containing file extensions or trailing spaces
Summary Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.5, Werkzeug's safejoin function allows path segments with Windows device names that have file extensions or trailing spaces. On Windows, there are special device names such as CON, AUX, etc that are implicitly...
Security Bulletin:Werkzeug Safe Join Function Vulnerability: Path Segments with Windows Device Names Prior to Version 3.1.4
Summary Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.4, Werkzeug's safejoin function allows path segments with Windows device names. On Windows, there are special device names such as CON, AUX, etc that are implicitly present and readable in every directory...
Security Bulletin:Safe Join Function Vulnerability Fixed in Werkzeug v3.1.6
Summary Werkzeug is a comprehensive WSGI web application library. Versions 3.1.5 and below, the safejoin function allows Windows device names as filenames if preceded by other path segments. This was previously reported as GHSA-hgf8-39gv-g3f2, but the added filtering failed to account for the fac...
RHCOS 9 : OpenShift Container Platform 4.13.24 (RHSA-2023:7477)
The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:7477 advisory. - python-werkzeug: high resource consumption leading to denial of service CVE-2023-46136 Note that Nessus has not tested for this issue but h...