Lucene search
+L

11 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.10 views

openSUSE 16 Security Update : python-requests (openSUSE-SU-2026:20926-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20926-1 advisory. This update for python-requests fixes the following issue: - CVE-2026-25645: extractzippedpaths uses predictable filenames when extracting files from zi...

5.5CVSS5.6AI score0.00182EPSS
Exploits0References3
OSV
OSV
added 2026/06/08 4:38 p.m.8 views

OPENSUSE-SU-2026:20926-1 Security update for python-requests

This update for python-requests fixes the following issue: - CVE-2026-25645: extractzippedpaths uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation bsc1260589...

5.5CVSS5.3AI score0.00182EPSS
Exploits0References2
OSV
OSV
added 2026/06/08 4:27 p.m.6 views

SUSE-SU-2026:22055-1 Security update for python-requests

This update for python-requests fixes the following issue: - CVE-2026-25645: extractzippedpaths uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation bsc1260589...

5.5CVSS5.3AI score0.00182EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.7 views

SUSE SLED15 / SLES15 Security Update : python-requests (SUSE-SU-2026:1644-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1644-1 advisory. - CVE-2026-25645: extractzippedpaths uses predictable filenames when extracting files from zip archives and reuses targ...

5.5CVSS5.8AI score0.00182EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2026/04/28 1:31 p.m.8 views

Security update for python-requests

This update for python-requests fixes the following issues: CVE-2026-25645: extractzippedpaths uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation bsc1260589. Patch Instructions: To install this SUSE update use the SUSE...

6.8CVSS4.5AI score0.00182EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/04/14 11:30 p.m.8 views

SUSE CVE-2026-6100

Use-after-free UAF was possible in the lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile when a memory allocation fails with a MemoryError and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling...

8.1CVSS5.8AI score0.00579EPSS
Exploits0References26
Vulnrichment
Vulnrichment
added 2026/03/25 5:2 p.m.22 views

CVE-2026-25645 Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function

Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker...

4.4CVSS5.8AI score0.00182EPSS
Exploits0References3
CVE
CVE
added 2026/03/25 5:2 p.m.779 views

CVE-2026-25645

The CVE describes an insecure temp-file extraction in the Requests library prior to v2.33.0. The vulnerable function requests.utils.extract_zipped_paths() writes the CA bundle into /tmp using a predictable, non-unique filename (e.g., cacert.pem) and reuses an existing file if present, rather than...

5.5CVSS5.8AI score0.00182EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/25 4:56 p.m.7 views

GHSA-GC5V-M9X4-R6X2 Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function

Impact The requests.utils.extractzippedpaths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker with write access to the temp directory could...

4.4CVSS5.8AI score0.00182EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2022/02/26 5:15 a.m.48 views

CVE-2022-24986

KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session. Thus, someone watching it be created the first time could potentially intercept the file the following time, enabling that person to run unauthorized commands...

7.8CVSS2.9AI score0.00253EPSS
Exploits0
CVE
CVE
added 2022/02/26 4:6 a.m.114 views

CVE-2022-24986

CVE-2022-24986 affects KDE KCron up to version 21.12.2, where saving creates a temporary file in /tmp and reuses the filename during an editing session. This enables a local attacker who watches the file creation to intercept it on the following save and potentially run unauthorized commands. The...

7.8CVSS7.4AI score0.00253EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder