Lucene search
K

24 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 3:8 p.m.6 views

Security Bulletin: Location Service for ESRI Component uses cryptography-46.0.3, flask-3.1.2 and werkzeug-3.1.5 library which were vulnerable to CVE-2026-26007, CVE-2026-27205 and CVE-2026-27199 respectively

Summary Location Service for ESRI Component uses cryptography-46.0.3, flask-3.1.2 and werkzeug-3.1.5 library which were vulnerable to CVE-2026-26007, CVE-2026-27205 and CVE-2026-27199 respectively. Vulnerability Details CVEID:CVE-2026-27199 DESCRIPTION: Werkzeug is a comprehensive WSGI web...

8.2CVSS5.8AI score0.00556EPSS
Exploits1Affected Software1
OSV
OSV
added 2026/02/21 6:17 a.m.8 views

ALPINE-CVE-2026-27199

Werkzeug is a comprehensive WSGI web application library. Versions 3.1.5 and below, the safejoin function allows Windows device names as filenames if preceded by other path segments. This was previously reported as GHSA-hgf8-39gv-g3f2, but the added filtering failed to account for the fact that...

5.3CVSS5.3AI score0.00556EPSS
Exploits1References1
OSV
OSV
added 2025/11/29 3:16 a.m.5 views

UBUNTU-CVE-2025-66221

Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.4, Werkzeug's safejoin function allows path segments with Windows device names. On Windows, there are special device names such as CON, AUX, etc that are implicitly present and readable in every directory...

6.3CVSS6.6AI score0.00474EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/11/29 2:28 a.m.15 views

CVE-2025-66221 Werkzeug safe_join() allows Windows special device names

Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.4, Werkzeug's safejoin function allows path segments with Windows device names. On Windows, there are special device names such as CON, AUX, etc that are implicitly present and readable in every directory...

6.3CVSS0.00474EPSS
Exploits0References3
OSV
OSV
added 2025/11/29 2:28 a.m.8 views

CVE-2025-66221 Werkzeug safe_join() allows Windows special device names

Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.4, Werkzeug's safejoin function allows path segments with Windows device names. On Windows, there are special device names such as CON, AUX, etc that are implicitly present and readable in every directory...

6.3CVSS6.7AI score0.00474EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2024-3107

Malicious code in bioql PyPI...

7.5CVSS7AI score0.01093EPSS
Exploits0References8
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/16 6:58 p.m.13 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to to Cross-Site Request Forgery (CSRF) due to insecure debugger access in Werkzeug ( CVE-2024-34069)

Summary Potential vulnerabilities in Werkzeug has been identified that may affect IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-34069 DESCRIPTION: Werkzeug is a comprehensive WSGI web application library. The debugger in affected version...

7.5CVSS7.4AI score0.03397EPSS
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/04/09 12:0 a.m.9 views

The vulnerability of the library for developing web applications – Werkzeug, related to writing beyond the buffer boundaries, allows attackers to trigger a service failure.

The vulnerability of the Werkzeug library for developing web applications relates to writing beyond the buffer boundaries. Exploiting this vulnerability could allow a malicious actor to cause service failures...

7.8CVSS7.1AI score0.01072EPSS
Exploits0References10Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/27 3:45 p.m.18 views

Security Bulletin: There is a vulnerability in Python wheel package for the Werkzeug library affecting watsonx Code Assistant On Prem Extensions

Summary There is a vulnerablity in the Python wheel package for the Werkzeug library affecting watsonx Code Assistant On Prem Extensions. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-49766 DESCRIPTION: Werkzeug is a Web Server...

7.5CVSS7.5AI score0.01093EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2024-34069

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's...

7.5CVSS7AI score0.03397EPSS
Exploits0References2
Mageia
Mageia
added 2024/11/09 5:17 a.m.27 views

Updated python-werkzeug packages fix security vulnerability

Werkzeug is a Web Server Gateway Interface web application library. Applications using werkzeug.formparser.MultiPartParser corresponding to a version of Werkzeug prior to 3.0.6 to parsing multipart/form-data requests e.g. all flask applications are vulnerable to a relatively simple but effective...

7.5CVSS7.2AI score0.01093EPSS
Exploits0References2
Chainguard
Chainguard
added 2024/10/25 8:15 p.m.11 views

CVE-2024-49766 vulnerabilities

Vulnerabilities for packages: airflow, py3-werkzeug, kubeflow-jupyter-web-app, kubeflow-volumes-web-app, emissary, kubeflow-pipelines-visualization-server, superset, mlflow, airflow-core...

6.3CVSS6.7AI score0.00786EPSS
Exploits0
OpenVAS
OpenVAS
added 2024/05/27 12:0 a.m.12 views

Fedora: Security Advisory for mingw-python-werkzeug (FEDORA-2024-48123e7aae)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.5AI score0.03397EPSS
Exploits0References2
Fedora
Fedora
added 2024/05/16 1:52 a.m.27 views

[SECURITY] Fedora 40 Update: mingw-python-werkzeug-3.0.3-1.fc40

MinGW Windows Python werkzeug library...

7.5CVSS6.6AI score0.03397EPSS
Exploits0
OSV
OSV
added 2024/05/06 3:15 p.m.7 views

AZL-40466 CVE-2024-34069 affecting package python-werkzeug for versions less than 2.3.7-2

Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, an...

7.5CVSS6.9AI score0.03397EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/01/24 12:0 a.m.43 views

RHCOS 4 : OpenShift Container Platform 4.12.45 (RHSA-2023:7610)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7610 advisory. - HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 - python-werkzeug:...

8CVSS7.1AI score0.99999EPSS
Exploits19References8
OSV
OSV
added 2023/10/25 6:17 p.m.7 views

PYSEC-2023-221

Werkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal bytearray and lookup for boundary is performed on growing...

7.5CVSS6.7AI score0.01072EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/08/07 12:0 a.m.29 views

Debian DSA-5470-1 : python-werkzeug - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5470 advisory. - Werkzeug is a comprehensive WSGI web application library. Browsers may allow nameless cookies that look like =value instead of key=value. A vulnerable browser m...

7.5CVSS6.4AI score0.0142EPSS
Exploits0References8
BDU FSTEC
BDU FSTEC
added 2023/05/04 12:0 a.m.5 views

The vulnerability of the WSGI Werkzeug web application library relates to the distribution of resources without any restrictions or regulations, allowing a hacker to cause a service failure.

The vulnerability of the WSGI Werkzeug web application lies in the fact that the application does not properly control the consumption of internal resources when processing data with a complex structure containing a large number of fields. Exploiting this vulnerability can allow an attacker to...

6.7CVSS7.2AI score0.0142EPSS
Exploits0References11Affected Software7
UbuntuCve
UbuntuCve
added 2023/02/14 8:15 p.m.25 views

CVE-2023-23934

Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like =value instead of key=value. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like =Host-test=bad for another subdomain...

3.5CVSS6.8AI score0.00507EPSS
Exploits0References6
Rows per page
Query Builder