Lucene search
K

29 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.12 views

EulerOS Virtualization 2.13.1 : python-requests (EulerOS-SA-2026-2388)

According to the versions of the python-requests packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a...

5.5CVSS5.5AI score0.00182EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.8 views

openSUSE 16 Security Update : python-requests (openSUSE-SU-2026:20926-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20926-1 advisory. This update for python-requests fixes the following issue: - CVE-2026-25645: extractzippedpaths uses predictable filenames when extracting files from zi...

5.5CVSS5.6AI score0.00182EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.13 views

EulerOS 2.0 SP13 : python-pip (EulerOS-SA-2026-2310)

According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable filename when...

5.5CVSS5.5AI score0.0039EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.14 views

EulerOS 2.0 SP13 : python-requests (EulerOS-SA-2026-2313)

According to the versions of the python-requests packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable filename...

5.5CVSS5.4AI score0.00182EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.9 views

EulerOS 2.0 SP11 : python-requests (EulerOS-SA-2026-2263)

According to the versions of the python-requests packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable filename...

5.5CVSS5.4AI score0.00182EPSS
Exploits0References2
OSV
OSV
added 2026/06/08 2:58 p.m.13 views

CLEANSTART-2026-NN42198 Security fixes for CVE-2024-35195, CVE-2024-47081, CVE-2025-8869, CVE-2026-1703, CVE-2026-25645, CVE-2026-3219, CVE-2026-44431, CVE-2026-44432, CVE-2026-45409, CVE-2026-48710, CVE-2026-6357, ghsa-58qw-9mgm-455v, ghsa-65pc-fj4g-8rjx, ghsa-jp4c-xjxw-mgf9, ghsa-mf9v-mfxr-j63j, ghsa-qccp-gfcp-xxvc applied in versions: 1.25.2-r0, 2.2.3-r0, 2.2.3-r1

Multiple security vulnerabilities affect the k8s-sidecar package. These issues are resolved in later releases. See references for individual vulnerability details...

8.9CVSS6.5AI score0.01438EPSS
Exploits4References28
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/03 7:19 a.m.19 views

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to multiple CVEs.

Summary IBM Maximo Application Suite uses pytest-9.0.2-py3-none-any.whl, WebSphere Application Server Liberty, dompurify-3.2.7.tgz, requests-2.32.5-py3-none-any.whl, yaml-1.10.2.tgz, brace-expansion-1.1.12.tgz and dompurify-3.3.2.tgz which are vulnerable to CVE-2025-71176, CVE-2025-14923,...

9.8CVSS6.9AI score0.0047EPSS
Exploits1Affected Software1
OSV
OSV
added 2026/05/29 1:34 p.m.12 views

OESA-2026-2497 python-pip security update

%changelog Thu Apr 9 2026 yixiangzhike [email protected] - 23.3.1-10 - Fix CVE-2026-25645 Security Fixes: pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavio...

4.6CVSS6.2AI score0.00144EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/25 12:0 a.m.15 views

Fedora 43 : python-pulp-glue / python-requests (2026-8ad863685a)

The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-8ad863685a advisory. 2.33.1 2026-03-30 ------------------- Bugfixes - Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. - Fixed...

5.5CVSS5.9AI score0.00182EPSS
Exploits0References2
OSV
OSV
added 2026/05/22 1:16 p.m.10 views

OESA-2026-2361 python-pip security update

%changelog Thu Apr 9 2026 yixiangzhike [email protected] - 23.3.1-10 - Fix CVE-2026-25645 Security Fixes: pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavio...

4.6CVSS6.2AI score0.00144EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/10 12:0 a.m.10 views

Fedora 44 : python-pulp-glue / python-requests (2026-44919b3d9f)

The remote Fedora 44 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-44919b3d9f advisory. 2.33.1 2026-03-30 ------------------- Bugfixes - Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. - Fixed...

5.5CVSS5.9AI score0.00182EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/06 4:11 a.m.7 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in requests-2.32.4-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in requests-2.32.4-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-25645 DESCRIPTION: Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable filename when...

5.5CVSS5.8AI score0.00182EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/01 2:51 p.m.3 views

Security Bulletin: IBM Maximo Application Suite - Predict Component uses requests-2.32.4-py3-none-any.whl, requests-2.32.5-py3-none-any.whl which is vulnerable to CVE-2026-25645

Summary Security Bulletin: IBM Maximo Application Suite - Predict Component uses requests-2.32.4-py3-none-any.whl, requests-2.32.5-py3-none-any.whl which is vulnerable to CVE-2026-25645. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

5.5CVSS5.8AI score0.00182EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/30 11:40 a.m.8 views

Security Bulletin: IBM Maximo Application Suite uses fast-xml-parser-5.5.5.tgz and requests-2.32.5-py3-none-any.whl, which are vulnerable to CVE-2026-33349 and CVE-2026-25645.

Summary IBM Maximo Application Suite uses fast-xml-parser-5.5.5.tgz and requests-2.32.5-py3-none-any.whl, which are vulnerable to CVE-2026-33349 and CVE-2026-25645. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-25645...

5.9CVSS4.7AI score0.00449EPSS
Exploits1Affected Software1
OSV
OSV
added 2026/04/28 6:3 p.m.4 views

SUSE-SU-2026:1647-1 Security update for python-requests

This update for python-requests fixes the following issues: - CVE-2026-25645: extractzippedpaths uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation bsc1260589...

5.5CVSS4.5AI score0.00182EPSS
Exploits0References3
OSV
OSV
added 2026/04/28 1:31 p.m.4 views

SUSE-SU-2026:1644-1 Security update for python-requests

This update for python-requests fixes the following issues: - CVE-2026-25645: extractzippedpaths uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation bsc1260589...

5.5CVSS4.5AI score0.00182EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2026/04/16 12:0 a.m.22 views

Fedora: Security Advisory (FEDORA-2026-2af3865ebf)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS5.8AI score0.00438EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/15 12:0 a.m.2 views

Fedora 45 : pypy (2026-ae330775b9)

The remote Fedora 45 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-ae330775b9 advisory. JIT translation fix for bootstraping, require openssl 3 and fix CVE-2026-25645 and CVE-2025-8869 Tenable has extracted the preceding description blo...

5.9CVSS7.2AI score0.00438EPSS
Exploits0References3
OSV
OSV
added 2026/04/08 2:30 p.m.5 views

SUSE-SU-2026:21036-1 Security update for python-requests

This update for python-requests fixes the following issue: - CVE-2026-25645: extractzippedpaths uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation bsc1260589...

5.5CVSS5.8AI score0.00182EPSS
Exploits0References3
CBLMariner
CBLMariner
added 2026/04/06 11:43 p.m.6 views

CVE-2026-25645 affecting package python-requests for versions less than 2.31.0-4

CVE-2026-25645 affecting package python-requests for versions less than 2.31.0-4. A patched version of the package is available...

5.5CVSS6.1AI score0.00182EPSS
Exploits0
Rows per page
Query Builder