Pallets Werkzeug <0.15.5 - Local File Inclusion
Pallets Werkzeug before 0.15.5 is susceptible to local file inclusion because SharedDataMiddleware mishandles drive names such as C: in Windows pathnames. id: CVE-2019-14322 info: name: Pallets Werkzeug 0.15.5 - Local File Inclusion author: madrobot severity: high description: | Pallets Werkzeug...
ROOT-APP-PYPI-CVE-2024-49767 CVE-2024-49767 in rootio-Werkzeug - Patched by Root
Root has patched CVE-2024-49767 in the rootio-Werkzeug package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2024-34069 CVE-2024-34069 in rootio-Werkzeug - Patched by Root
Root has patched CVE-2024-34069 in the rootio-Werkzeug package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2023-46136 CVE-2023-46136 in rootio-Werkzeug - Patched by Root
Root has patched CVE-2023-46136 in the rootio-Werkzeug package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2024-49766 CVE-2024-49766 in rootio-Werkzeug - Patched by Root
Root has patched CVE-2024-49766 in the rootio-Werkzeug package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2025-66221 CVE-2025-66221 in rootio-Werkzeug - Patched by Root
Root has patched CVE-2025-66221 in the rootio-Werkzeug package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2023-25577 CVE-2023-25577 in rootio-Werkzeug - Patched by Root
Root has patched CVE-2023-25577 in the rootio-Werkzeug package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-27199 CVE-2026-27199 in rootio-werkzeug - Patched by Root
Root has patched CVE-2026-27199 in the rootio-werkzeug package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-21860 CVE-2026-21860 in rootio-Werkzeug - Patched by Root
Root has patched CVE-2026-21860 in the rootio-Werkzeug package for Root:PyPI. Multiple fixed versions available...
CVE-2026-48544
Taipy 4.1.1, fixed in commit 129fd40, contains a path traversal vulnerability in the ElementLibrary.get_resource method in taipy/gui/extension/library.py that allows unauthenticated attackers to escape the intended module directory by exploiting an incomplete path containment check using...
PT-2026-44007
Taipy 4.1.1, fixed in commit 129fd40, contains a path traversal vulnerability in the ElementLibrary.get_resource method in taipy/gui/extension/library.py that allows unauthenticated attackers to escape the intended module directory by exploiting an incomplete path containment check using...
Security Bulletin: Vulnerability affect underscore-umd-min, werkzeug-3.1.5, flask-3.1.1, cryptography, aircompressor, pyasn1, http, log4j, apache2-build, commons-configuration, bcpkix-jdk18on, server-MariaDB, Jline, IBM COS Systems (April 2026)
Summary Vulnerability with underscore-umd-min CVE-2026-27601, werkzeug-3.1.5 CVE-2026-27199, flask-3.1.1-py3-n CVE-2026-27205, cryptography CVE-2026-26007, aircompressor CVE-2025-67721, pyasn1 CVE-2026-23490, http, log4j CVE-2025-68161, apache2-build CVE-2025-55753, commons-configuration CVE-2024-29131,...
Astra Linux - vulnerability in python-werkzeug
Werkzeug is a comprehensive WSGI web application library. In affected versions of Werkzeug, the debugger can allow an attacker to execute code on a developer’s machine under certain circumstances. This requires the attacker to get the developer to interact with a domain and subdomain that they...
Astra Linux - vulnerability in python-werkzeug
Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug’s multipart form data parser would parse an unlimited number of parts, including file parts. These parts could be small amounts of data, but each part requires CPU time to parse, and may consume more memory...
Astra Linux - vulnerability in python-werkzeug
Werkzeug is a comprehensive WSGI web application library. Browsers may allow “nameless” cookies that look like =value instead of key=value. A vulnerable browser may allow a compromised application on a neighboring subdomain to exploit this to set a cookie like =__Host-test=bad for another subdomain...
Security Bulletin: Security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak
Summary A security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak. Python is used by IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes...
Security Bulletin: IBM Maximo Scheduler Optimizer uses werkzeug-3.1.5-py3-none-any.whl which is vulnerable to CVE-2026-27199
Summary IBM Maximo Scheduler Optimizer uses werkzeug-3.1.5-py3-none-any.whl which is vulnerable to CVE-2026-27199. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID: CVE-2026-27199 DESCRIPTION: Werkzeug is a comprehensive WSGI web applicati...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses Werkzeug which is vulnerable to CVE-2026-27199
Summary IBM Maximo Application Suite - Visual Inspection component uses Werkzeug which is vulnerable to CVE-2026-27199. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID: CVE-2026-27199 DESCRIPTION: Werkzeug is a comprehensive WSGI web...
Security Bulletin: Werkzeug safe_join function allows path segments with Windows device names containing file extensions or trailing spaces
Summary Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.5, Werkzeug's safe_join function allows path segments with Windows device names that have file extensions or trailing spaces. On Windows, there are special device names such as CON, AUX, etc. that are implicitly...
Security Bulletin: Werkzeug Safe Join Function Vulnerability: Path Segments with Windows Device Names Prior to Version 3.1.4
Summary Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.4, Werkzeug's safe_join function allows path segments with Windows device names. On Windows, there are special device names such as CON, AUX, etc. that are implicitly present and readable in every directory...