Vulnerabilities in pallets

17 results

| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2024-34069 | HIGH | Werkzeug's improper usage of a pathname and improper CSRF protection results in remote command execution | 3.4% |
| CVE-2023-25577 | HIGH | Werkzeug may allow high resource usage when parsing multipart form data with many fields | 1.4% |
| CVE-2023-30861 | HIGH | Flask vulnerable to possible disclosure of permanent session cookie due to missing Vary: Cookie header | 1.3% |
| CVE-2024-49767 | MEDIUM | Werkzeug possible resource exhaustion when parsing file data in forms | 1.1% |
| CVE-2023-46136 | HIGH | Werkzeug vulnerable to high resource usage when parsing multipart/form-data containing a large part with CR/LF character at the beginning | 1.1% |
| CVE-2024-34064 | MEDIUM | Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter | 1.0% |
| CVE-2024-22195 | MEDIUM | Jinja vulnerable to Cross-Site Scripting (XSS) | 0.9% |
| CVE-2024-49766 | MEDIUM | Werkzeug safe_join not safe on Windows | 0.8% |
| CVE-2026-27199 | MEDIUM | Werkzeug safe_join() allows Windows special device names | 0.6% |
| CVE-2023-23934 | LOW | Werkzeug's incorrect parsing of nameless cookies leads to __Host- cookies bypass | 0.5% |
| CVE-2024-56326 | MEDIUM | Jinja has a sandbox breakout through indirect reference to format method | 0.5% |
| CVE-2025-66221 | MEDIUM | Werkzeug safe_join() allows Windows special device names | 0.5% |
| CVE-2025-27516 | MEDIUM | Jinja sandbox breakout through attr filter selecting format method | 0.5% |
| CVE-2026-21860 | MEDIUM | Werkzeug safe_join() allows Windows special device names with compound extensions | 0.4% |
| CVE-2026-27205 | LOW | Flask session does not add `Vary: Cookie` header when accessed in some ways | 0.4% |
| CVE-2024-56201 | MEDIUM | Jinja has a sandbox breakout through malicious filenames | 0.3% |
| CVE-2025-47278 | LOW | Flask uses fallback key instead of current signing key | 0.2% |