| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-27199 | Werkzeug safe_join() allows Windows special device names | pallets | werkzeug | - | - | 2026-02-21 05:15:53 | Deep Dive |
| CVE-2026-21860 | Werkzeug safe_join() allows Windows special device names with compound extensions | pallets | werkzeug | Medium | - | 2026-01-08 18:34:05 | Deep Dive |
| CVE-2025-66221 | Werkzeug safe_join() allows Windows special device names | pallets | werkzeug | Medium | - | 2025-11-29 02:28:35 | Deep Dive |
| CVE-2024-49767 | Werkzeug possible resource exhaustion when parsing file data in forms | pallets | werkzeug | Medium | - | 2024-10-25 19:41:35 | Deep Dive |
| CVE-2024-49766 | Werkzeug safe_join not safe on Windows | pallets | werkzeug | Low | - | 2024-10-25 19:22:36 | Deep Dive |
| CVE-2024-34069 | Werkzeug's improper usage of a pathname and improper CSRF protection results in the remote command execution | pallets | werkzeug | High | 7.5 | 2024-05-06 14:44:39 | Deep Dive |
| CVE-2023-46136 | Werkzeug vulnerable to high resource usage when parsing multipart/form-data containing a large part with CR/LF character at the beginning | pallets | werkzeug | High | 8.0 | 2023-10-24 23:48:57 | Deep Dive |
| CVE-2023-25577 | Werkzeug may allow high resource usage when parsing multipart form data with many fields | pallets | werkzeug | High | 7.5 | 2023-02-14 19:56:26 | Deep Dive |
| CVE-2023-23934 | Werkzeug's incorrect parsing of nameless cookies leads to __Host- cookies bypass | pallets | werkzeug | Low | 2.6 | 2023-02-14 19:56:23 | Deep Dive |