79 matches found
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses Werkzeug which is vulnerable to CVE-2026-27199
Summary IBM Maximo Application Suite - Visual Inspection component uses Werkzeug which is vulnerable to CVE-2026-27199, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-27199 DESCRIPTION: Werkzeug is a comprehensive WSGI web...
Security Bulletin:Safe Join Function Vulnerability Fixed in Werkzeug v3.1.6
Summary Werkzeug is a comprehensive WSGI web application library. Versions 3.1.5 and below, the safejoin function allows Windows device names as filenames if preceded by other path segments. This was previously reported as GHSA-hgf8-39gv-g3f2, but the added filtering failed to account for the fac...
RHCOS 9 : OpenShift Container Platform 4.13.24 (RHSA-2023:7477)
The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:7477 advisory. - python-werkzeug: high resource consumption leading to denial of service CVE-2023-46136 Note that Nessus has not tested for this issue but h...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for January 2026
Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 2.1.0 IF001 Vulnerability Details CVEID:CVE-2026-21860 DESCRIPTION: Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.5...
Security Bulletin: Vulnerability in Werkzeug affects IBM Netezza Appliance
Summary The Werkzeug package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2026-21860 Vulnerability Details CVEID:CVE-2026-21860 DESCRIPTION: Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.5, Werkzeug's safejoin...
Security Bulletin: Vulnerability in Werkzeug affects IBM Netezza Appliance
Summary The Werkzeug package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-66221 Vulnerability Details CVEID:CVE-2025-66221 DESCRIPTION: Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.4, Werkzeug's safejoin...
Security Bulletin: Cookie Parsing Vulnerability in Werkzeug Allows Subdomain Cookie Injection (≤ v2.2.2), affects watsonx.data
Summary A vulnerability in Werkzeug prior to v2.2.3 allows malicious subdomains to inject crafted "nameless" cookies that are incorrectly parsed as valid cookies. This can cause applications to accept attacker-controlled values, potentially leading to security issues. This can affect watsonx.data...
Security Bulletin: There is a vulnerability in werkzeug-3.1.5-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-27199)
Summary There is a vulnerability in werkzeug-3.1.5-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-27199 DESCRIPTION: Werkzeug is a comprehensive WSGI web application library. Versions 3.1.5 and below, the safejoin...
Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by improper handling of Windows device names due to Werkzeug
Summary Werkzeug is used by IBM Cloud Pak for Data System 1.0 as a WSGI web application library. CVE-2026-21860 affects Werkzeug's handling of Windows device names, which could lead to improper resource handling and potential availability impact on Windows systems. This vulnerability relates to t...
Security Bulletin: Maximo AI Service uses werkzeug-3.1.4-py3-none-any.whl, filelock-3.20.1-py3-none-any.whl which is vulnerable to CVE-2026-21860 and CVE-2026-22701.
Summary Maximo AI Service uses werkzeug-3.1.4-py3-none-any.whl, filelock-3.20.1-py3-none-any.whl which is vulnerable to CVE-2026-21860 and CVE-2026-22701. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-22701 DESCRIPTION: filelo...
Security Bulletin: IBM Maximo Application Suite - Predict Component was using vulnerable library werkzeug-3.1.4 which is vulnerable to CVE-2026-21860
Summary IBM Maximo Application Suite - Predict Component was using vulnerable library werkzeug-3.1.4-py3-none-any.whl which is vulnerable to CVE-2026-21860. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-21860 DESCRIPTION: Werkzeug is a...
Security Bulletin: IBM Maximo Application Suite - Predict Component was using vulnerable library werkzeug-3.1.3 which is vulnerable to CVE-2025-66221
Summary IBM Maximo Application Suite - Predict Component was using vulnerable library werkzeug-3.1.3-py3-none-any.whl which is vulnerable to CVE-2025-66221. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-66221 DESCRIPTION: Werkzeug is a...
Security Bulletin: Security vulnerability in Python affects IBM Robotic Process Automation for Cloud Pak
Summary A security vulnerability in Python affects IBM Robotic Process Automation for Cloud Pak. Python is used by IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details...
Security Bulletin: Security vulnerability in Python affects IBM Robotic Process Automation
Summary A security vulnerability in Python affects IBM Robotic Process Automation. Python is used by IBM Robotic Process Automation as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details CVEID:CVE-2025-66221 DESCRIPTION: Werkze...
Security Bulletin: IBM Maximo Application suite Visual Inspection Component uses werkzeug-3.1.4-py3-none-any.whl which is vulnerable to CVE-2026-21860.
Summary IBM Maximo Application suite Visual Inspection Component uses werkzeug-3.1.4-py3-none-any.whl which is vulnerable to CVE-2026-21860. This Bulletine contains information about vulnerability and it's remediation. Vulnerability Details CVEID:CVE-2026-21860 DESCRIPTION: Werkzeug is a...
Security Bulletin: There is a vulnerability in werkzeug-3.1.4-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-21860)
Summary There is a vulnerability in werkzeug-3.1.4-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-21860 DESCRIPTION: Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.5, Werkzeug's safejoin...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses werkzeug-3.1.3-py3-none-any.whl which is vulnerable to CVE-2025-66221
Summary IBM Maximo Application Suite - Visual Inspection component uses werkzeug-3.1.3-py3-none-any.whl which is vulnerable to CVE-2025-66221. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-66221 DESCRIPTION: Werkzeug is a...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses werkzeug-3.1.1-py3-none-any.whl, werkzeug-3.1.3-py3-none-any.whl which is vulnerable to CVE-2025-66221, CVE-2026-21860.
Summary IBM Maximo Application Suite - Monitor Component uses werkzeug-3.1.1-py3-none-any.whl, werkzeug-3.1.3-py3-none-any.whl which is vulnerable to CVE-2025-66221, CVE-2026-21860. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-66221...
CVE-2026-27199
Werkzeug is a comprehensive WSGI web application library. Versions 3.1.5 and below, the safejoin function allows Windows device names as filenames if preceded by other path segments. This was previously reported as GHSA-hgf8-39gv-g3f2, but the added filtering failed to account for the fact that...
a2grunnerp (>=0.1.0 <=0.1.8), a4t-sale-discount (=5.0.2) +2919 more potentially affected by CVE-2026-27199 via werkzeug (>=0.10.1 <=3.1.5)
werkzeug PYPI version =0.10.1, =0.1.0, =1.0.2, =1.0.5, =0.10.3, =1.8.8, =0.3.1, =0.8.44.4, =4.2.0, =1.0.0, =0.4.0, =0.5.0 and more Source cves: CVE-2026-27199 Source advisory: OSV:GHSA-29VQ-49WR-VM6X...