GHSA-8W7Q-Q5JP-JVGX Open WebUI has a Server-Side Request Forgery (SSRF) bypass in `validate_url`

Summary In the open-webui project, a parsing difference between the urlparse and requests libraries led to an SSRF bypass vulnerability. Details In the current project, URL validation is performed using the function validateurl. The current checking logic uses urlparse to parse the hostname part ...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-pip (UTSA-2026-016506)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016506 advisory. Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint...

GHSA-Q9PW-VMHH-384G PraisonAI has an SSRF bypass

Summary The URL checking logic in PraisonAI has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. Details The current PraisonAI project uses validateurl to validate the input URL. The main logic is to perform security checks on the host portion of the URL extracted by...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in requests-2.32.4-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in requests-2.32.4-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-25645 DESCRIPTION: Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable filename when...

Security Bulletin: There is a vulnerability in requests-2.32.5-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-25645)

Summary There is a vulnerability in requests-2.32.5-py3-none-any.whlused by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-25645 DESCRIPTION: Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility...

Astra Linux - уязвимость в requests

Requests is an HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This issue arises due to the way we use rebuildproxies to reattach the Proxy-Authorization header to requests. For HTTP connections...

Security Bulletin: IBM Maximo Application Suite uses fast-xml-parser-5.5.5.tgz and requests-2.32.5-py3-none-any.whl, which are vulnerable to CVE-2026-33349 and CVE-2026-25645.

Summary IBM Maximo Application Suite uses fast-xml-parser-5.5.5.tgz and requests-2.32.5-py3-none-any.whl, which are vulnerable to CVE-2026-33349 and CVE-2026-25645. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-25645...

CodeAlpha_Bug-Bounties-Tool

CodeAlphaBug-Bounties-Tool A lightweight bug bounty automatio...

OESA-2026-1909 python-pip security update

%changelog Fri Feb 13 2026 Linuxzhang [email protected] - 23.3.1-9 - Fix CVE-2026-21441 Security Fixes: Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable filename when extracting files from zip archives into the system...

Vulnerable-Web-App-Scanner

Vulnerable-Web-App-Scanner Pent...

GHSA-5QVP-PR9F-2G2V poetry-plugin-tweak-dependencies-version affected by CVE-2026-25645

Pin vulnerable version of requests library...

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-25645)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-25645 advisory. - Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths...

Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function

...

Security Bulletin: IBM Cloud Pak for Data System 2.0 is affected by credential leakage due to requests library

Summary The requests library is used by IBM Cloud Pak for Data System 2.0 as an HTTP library for Python applications. CVE-2024-47081 affects the requests library's URL parsing mechanism where a vulnerability allows .netrc credentials to be leaked to third parties when processing specific...

SUSE CVE-2026-25645

Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker...

Linux Distros Unpatched Vulnerability : CVE-2026-25645

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable filename when extracting files fr...

CVE-2026-25645

Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker...

ALPINE-CVE-2026-25645

Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker...

DEBIAN-CVE-2026-25645

Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker...

CVE-2026-25645

Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker...