178 matches found

Nuclei
added 2 days ago | 34 views

Pallets Werkzeug <0.15.5 - Local File Inclusion

Pallets Werkzeug before 0.15.5 is susceptible to local file inclusion because SharedDataMiddleware mishandles drive names such as C: in Windows pathnames. id: CVE-2019-14322 info: name: Pallets Werkzeug 0.15.5 - Local File Inclusion author: madrobot severity: high description: | Pallets Werkzeug...

CVSS 7.5 | AI score 7.1 | EPSS 0.90059
Exploits: 7 | References: 5
Microsoft CVE
added 2026/05/17 8:1 a.m. | 6 views

Pallets Click contains a command injection via Unsanitized Filename "click.edit()"

...

CVSS 7.2 | AI score 5.8 | EPSS 0.00029
Exploits: 1
OSV
added 2026/05/15 2:0 p.m. | 1 view

OESA-2026-2304 python-click security update

Click is a Python package for creating beautiful command line interfaces in a composable way with as little code as necessary. It's the "Command Line Interface Creation Kit". It's highly configurable but comes with sensible defaults out of the box. Security Fixes: Pallets Click, versions 8.3.2 an...

CVSS 7.2 | AI score 6.1 | EPSS 0.00029
Exploits: 1 | References: 2
OSV
added 2026/05/15 2:0 p.m. | 2 views

OESA-2026-2303 python-click security update

Click is a Python package for creating beautiful command line interfaces in a composable way with as little code as necessary. It's the "Command Line Interface Creation Kit". It's highly configurable but comes with sensible defaults out of the box. Security Fixes: Pallets Click, versions 8.3.2 an...

CVSS 7.2 | AI score 6.1 | EPSS 0.00029
Exploits: 1 | References: 2
SUSE CVE
added 2026/05/05 1:48 a.m. | 2 views

SUSE CVE-2026-7246

Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit function, allowing attackers to pass arbitrary OS commands from an unprivileged account...

CVSS 7.2 | AI score 5.9 | EPSS 0.00029
Exploits: 1 | References: 3
OSV
added 2026/05/05 12:0 a.m. | 1 view

UBUNTU-CVE-2026-7246

Pallets Click, versions 8.3.2 and below, contain a command injection v...

CVSS 7.2 | AI score 5.8 | EPSS 0.00029
Exploits: 1 | References: 3
RedhatCVE
added 2026/05/04 10:47 a.m. | 1 view

CVE-2026-7246

A flaw was found in Pallets Click. This command injection vulnerability, located in the click.edit function, allows an attacker with an unprivileged account to execute arbitrary operating system (OS) commands. This could lead to unauthorized control over the affected system...

CVSS 7.2 | AI score 6 | EPSS 0.00029
Exploits: 1 | References: 5
Tenable Nessus
added 2026/05/02 12:0 a.m. | 1 view

Linux Distros Unpatched Vulnerability : CVE-2026-7246

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit function, allowing attackers to pass arbitrary OS commands...

CVSS 7.2 | AI score 6 | EPSS 0.00029
Exploits: 1 | References: 3
NVD
added 2026/04/30 2:16 p.m. | 1 view

CVE-2026-7246

Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit function, allowing attackers to pass arbitrary OS commands from an unprivileged account...

CVSS 7.2 | EPSS 0.00029
Exploits: 1 | References: 2
OSV
added 2026/04/30 2:16 p.m. | 2 views

DEBIAN-CVE-2026-7246

Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit function, allowing attackers to pass arbitrary OS commands from an unprivileged account...

CVSS 7.2 | AI score 5.9 | EPSS 0.00029
Exploits: 1 | References: 1
UbuntuCve
added 2026/04/30 2:16 p.m. | 1 view

CVE-2026-7246

Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit function, allowing attackers to pass arbitrary OS commands from an unprivileged account...

CVSS 7.2 | AI score 5.8 | EPSS 0.00029
Exploits: 1 | References: 2
CVE
added 2026/04/30 1:16 p.m. | 11 views

CVE-2026-7246

CVE-2026-7246 affects Pallets Click up to version 8.3.2. The vulnerability is a command injection in the click.edit() function that allows an unprivileged attacker to pass arbitrary OS commands. This is a local attack with high impact on confidentiality, integrity, and availability as per the cit...

CVSS 7.2 | AI score 5.5 | EPSS 0.00029
Exploits: 1 | References: 2 | Affected Software: 1
Debian CVE
added 2026/04/30 1:16 p.m. | 4 views

CVE-2026-7246

Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit function, allowing attackers to pass arbitrary OS commands from an unprivileged account...

CVSS 7.2 | AI score 5.9 | EPSS 0.00029
Exploits: 1
Cvelist
added 2026/04/30 1:16 p.m. | 22 views

CVE-2026-7246 Pallets Click contains a command injection via Unsanitized Filename "click.edit()"

Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit function, allowing attackers to pass arbitrary OS commands from an unprivileged account...

EPSS 0.00029
Exploits: 1 | References: 2
EUVD
added 2026/04/30 1:16 p.m. | 2 views

EUVD-2026-26375

Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit function, allowing attackers to pass arbitrary OS commands from an unprivileged account...

CVSS 7.2 | AI score 5.5 | EPSS 0.00029
Exploits: 1 | References: 2
ATTACKERKB
added 2026/04/30 1:16 p.m. | 1 view

CVE-2026-7246

Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit function, allowing attackers to pass arbitrary OS commands from an unprivileged account...

CVSS 7.2 | AI score 5.5 | EPSS 0.00029
Exploits: 1 | References: 3
CNNVD
added 2026/04/30 12:0 a.m. | 5 views

Click Command Injection Vulnerability

Click is a Python toolkit developed by Pallets for creating command-line interfaces. Versions of Click 8.3.2 and earlier have a command injection vulnerability. This vulnerability stems from the click.edit function, which allows for command injection, potentially enabling attackers to execute...

CVSS 7.2 | AI score 6.1 | EPSS 0.00029
Exploits: 1 | References: 1
Positive Technologies
added 2026/04/30 12:0 a.m. | 1 view

PT-2026-36098

Name of the Vulnerable Software and Affected Versions: Pallets Click versions 8.3.2 and earlier. Description: A command injection issue exists in the click.edit function, which allows an unprivileged account to execute arbitrary operating system commands. Recommendations: Update to a version later th...

CVSS 7.2 | AI score 6.1 | EPSS 0.00029
Exploits: 1 | References: 10
Tenable Nessus
added 2026/01/22 12:0 a.m. | 3 views

Azure Linux 3.0 Security Update: nodejs (CVE-2019-10906)

The version of nodejs installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2019-10906 advisory. - In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. CVE-2019-10906 Note that Nessus has n...

CVSS 8.6 | AI score 5.6 | EPSS 0.02334
Exploits: 1 | References: 2
Redos
added 2025/12/29 12:0 a.m. | 3 views

ROS-20251229-7301

A vulnerability in the Pallets Werkzeug web application library is related to uncontrolled resource consumption in werkzeug.formparser.MultiPartParser. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial-of-service condition...

CVSS 7.5 | AI score 6.8 | EPSS 0.0112
Exploits: 0