119 matches found
Security Bulletin: IBM Maximo Scheduler Optimizer uses requests-2.32.5-py3-none-any.whl which is vulnerable to CVE-2026-25645
Summary: IBM Maximo Scheduler Optimizer uses requests-2.32.5-py3-none-any.whl which is vulnerable to CVE-2026-25645. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details: CVEID: CVE-2026-25645 DESCRIPTION: Requests is a HTTP library. Prior to version...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-pip (UTSA-2026-016500)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016500 advisory. Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-craft...
Astra Linux - vulnerability in requests
Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of verif...
Astra Linux - vulnerability in requests
Requests is an HTTP library. Due to an URL parsing issue, versions of Requests before 2.32.4 may expose .netrc credentials to third parties for specific, maliciously crafted URLs. Users should upgrade to version 2.32.4 to resolve this issue. For earlier versions of Requests, the use of the .netrc...
CVE-2026-39848
Dockyard is a Docker container management app. Prior to 1.1.0, Docker container start and stop operations are performed through GET requests without CSRF protection. A remote attacker can cause a logged-in administrator's browser to request /apps/action.php?action=stop&name= or...
CVE-2026-0562
CVE-2026-0562 affects parisneo/lollms up to version 2.2.0. The vulnerability is an IDOR in the respond_request() flow at /api/friends/requests/{friendship_id}, where the authenticated user is not checked for membership in the friendship or for being the intended recipient. As described in Red Hat...
CVE-2026-25645 Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function
Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extract_zipped_paths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker...
0lever-utils (>=0.0.2 <=0.0.7), 128autograder (>=5.0.1 <=6.0.0rc3) +14812 more potentially affected by CVE-2026-25645 via requests (>=0.13.7 <=2.32.5)
requests PYPI version =0.13.7, =0.0.2, =5.0.1, =0.3.0, =0.0.1a0, =0.1.1001, =0.1.0, =0.0.1, =0.0.2, =0.0.5, =0.0.7 - a-mailx =0.1.0 and more Source cves: CVE-2026-25645 Source advisory: OSV:GHSA-GC5V-M9X4-R6X2...
Requests security vulnerability
Requests is an elegant and simple HTTP library from the Python Foundation. With Requests, you can send HTTP/1.1 requests with great ease. There’s no need to manually add query strings to your URLs, nor to encode POST data using forms. Versions of Requests prior to 2.33.0 contained a security...
python27:2.7 security and bug fix update
An update is available for python-mock, module.python-sqlalchemy, python-backports-ssl_match_hostname, python-attrs, python-chardet, python2-rpm-macros, module.numpy, module.python-mock, python-pymongo, python-markupsafe, python-psycopg2, python2-six, module.python-funcsigs, module.python-pygments,...
EulerOS Virtualization 2.12.0 : python-pip (EulerOS-SA-2026-1514)
According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests...
Hugging Face Smolagents has a Server-Side Request Forgery issue
A weakness has been identified in huggingface smolagents 1.24.0. Impacted is the function requests.get/requests.post of the component LocalPythonExecutor. Executing a manipulation can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been made...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: resource-agents (UTSA-2026-005325)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005325 advisory. Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-craft...
EulerOS Virtualization 2.10.0 : python-pip (EulerOS-SA-2026-1194)
According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests...
Security Bulletin: Vulnerabilities in Requests affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.
Summary: Vulnerabilities in Requests affect IBM® Db2® Big SQL 7.8 on IBM Cloud Pak for Data 5.1 and earlier. Vulnerability Details: CVEID: CVE-2024-47081 DESCRIPTION: Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties...
MiracleLinux 7 : python-pip-9.0.3-7.el7 (AXSA:2020-4518:01)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2020-4518:01 advisory. python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure CVE-2018-20060 python-urllib3: CRLF injection...
MiracleLinux 4 : bind-9.8.2-0.68.8.0.2.rc1.AXS4 (AXBA:2021-1480:02)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXBA:2021-1480:02 advisory. - In BIND 9.0.0 - 9.11.21, 9.12.0 - 9.16.5, 9.17.0 - 9.17.3, also affects 9.9.3-S1 - 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the...
Security Bulletin: Vulnerability in Requests affects IBM Netezza Appliance
Summary: The Requests package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVEs CVE-2024-47081, CVE-2023-32681, CVE-2024-35195. Vulnerability Details: CVEID: CVE-2024-47081 DESCRIPTION: Requests is a HTTP library. Due to a URL parsing issue, Requests releases...
EulerOS 2.0 SP12 : python-pip (EulerOS-SA-2026-1099)
According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiati...
EulerOS Virtualization 2.13.1 : python-pip (EulerOS-SA-2025-2630)
According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers...