3 matches found
CVE-2026-48816 sigstore-js: Insufficient Verification of Data Authenticity
sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 3.1.1, @sigstore/verify derives a transparency-log timestamp from tlogEntries.integratedTime for bundle v0.2 inclusionProof-only entries even though the inclusion proof path does not cryptographically bind...
CVE-2026-25645 Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function
Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker...
CVE-2026-25645 Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function
Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker...