Werkzeug Debug Console Enabled
Werkzeug is a popular framework for developing Python web applications. Werkzeug comes with a debugger that should not be enabled in production.
If the debugger is enabled without a PIN, attackers can easily use the Werkzeug debug console to run arbitrary commands on the host as the user running the vulnerable Python application. Even if remote code execution is not possible, attackers may still gain valuable information about the behavior of the application that can be used for other types of attacks.