Lucene search

6 matches found

ATTACKERKB
added 2026/05/12 8:50 a.m., 5 views

CVE-2026-8161

[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.prototype property such as proto, constructor, or toString, the parser invokes .push on the inherited...

CVSS 7.5, AI score 5.8, EPSS 0.00022
Exploits: 1, References: 3
SUSE Linux
added 2026/04/22 7:22 a.m., 4 views

Security update for python-python-multipart

This update for python-python-multipart fixes the following issue: CVE-2026-40347: crafted multipart/form-data can cause a denial of service bsc1262403. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

CVSS 6.9, AI score 5.7, EPSS 0.00022
Exploits: 0, References: 4
OSV
added 2025/08/15 12:39 p.m., 3 views

OESA-2025-1996 python-werkzeug security update

A comprehensive WSGI web application library Security Fixes: Werkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal...

CVSS 8, AI score 6.9, EPSS 0.00878
Exploits: 0, References: 2
OpenVAS
added 2023/06/09 12:0 a.m., 22 views

Huawei EulerOS: Security Advisory for python-werkzeug (EulerOS-SA-2023-2167)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 6.1, EPSS 0.00366
Exploits: 0, References: 2
Tenable Nessus
added 2023/03/16 12:0 a.m., 23 views

Fedora 37 : mingw-python-werkzeug (2023-af75e27098)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-af75e27098 advisory. Update to python-werkzeug-2.2.3. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

CVSS 7.5, AI score 6.5, EPSS 0.00366
Exploits: 0, References: 3
Github Security Blog
added 2023/02/15 3:36 p.m., 42 views

High resource usage when parsing multipart form data with many fields

Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request can be made to an endpoint that accesses request.data, request.form,...

CVSS 7.5, AI score 7.2, EPSS 0.00366
Exploits: 0, References: 8, Affected Software: 1