Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in requests (CVE-2024-47081)

Summary A vulnerability in the requests library CVE-2024-47081 used by IBM InfoSphere Optim Archive Viewer has been addressed by upgrading to version 2.32.5. Vulnerability Details CVEID:CVE-2024-47081 DESCRIPTION: Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to...

Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function

Impact The requests.utils.extractzippedpaths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker with write access to the temp directory could...

Insecure Temporary File

Overview Affected versions of this package are vulnerable to Insecure Temporary File via the extractzippedpaths function. An attacker can leverage unauthorized file replacement by pre-creating a malicious file in the system's temporary directory prior to extraction. Note: Only applications that...

EUVD-2025-17564

Malicious code in bioql PyPI...

Security Bulletin: IBM SOAR QRadar Plugin app for IBM QRadar SIEM includes components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-27516 DESCRIPTION: Jinja is an extensible...

OESA-2025-1827 resource-agents security update

Resource agent is a standardized interface for a cluster resource. In translates a standard set of operations into steps specific to the resource or application, and interprets their results as success or failure. Security Fixes: Requests is a HTTP library. Due to a URL parsing issue, Requests...

OESA-2025-1711 resource-agents security update

Resource agent is a standardized interface for a cluster resource. In translates a standard set of operations into steps specific to the resource or application, and interprets their results as success or failure. Security Fixes: Requests is a HTTP library. Due to a URL parsing issue, Requests...

Medium: python-requests

Issue Overview: Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc...

GHSA-4PG4-QVPC-4Q3H Multer vulnerable to Denial of Service from maliciously crafted requests

Impact A vulnerability in Multer versions =1.4.4-lts.1 allows an attacker to trigger a Denial of Service DoS by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Patches Users should upgrade to 2.0.0 Workarounds None...

Malicious code in requests-upgrade (PyPI)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-5903 Malicious code in requests-upgrade (PyPI)

--- -= Per source details. Do not edit below this line.=-...

CVE-2022-39326 kartverket/github-workflows's run-terraform allows for RCE via terraform plan

kartverket/github-workflows are shared reusable workflows for GitHub Actions. Prior to version 2.7.5, all users of the run-terraform reusable workflow from the kartverket/github-workflows repo are affected by a code injection vulnerability. A malicious actor could potentially send a PR with a...

CVE-2022-21667 Denial of Service in soketi

soketi is an open-source WebSockets server. There is an unhandled case when reading POST requests which results in the server crashing if it could not read the body of a request. In the event that a POST request is sent to any endpoint of the server with an empty body, even unauthenticated with t...