5 matches found
EulerOS 2.0 SP10 : python-pip (EulerOS-SA-2025-2399)
According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for...
Security Bulletin: IBM Truststore Manager uses urllib3-2.4.0-py3-none-any.whl and requests-2.32.3-py3-none-any.whl which is vulnerable to CVE-2025-50181 and CVE-2025-50182
Summary IBM Truststore Manager uses urllib3-2.4.0-py3-none-any.whl and requests-2.32.3-py3-none-any.whl which is vulnerable to CVE-2025-50181 and CVE-2025-50182. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-47081 DESCRIPTION:...
ALPINE-CVE-2024-47081
Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be...
When setting EntityOptions.apiPrefilter to a function, the filter is not applied to API requests for a resource by Id
Impact If you used the apiPrefilter option of the @Entity decorator, by setting it to a function that returns a filter that prevents unauthorized access to data, an attacker who knows the id of an entity instance she is not authorized to access, can gain read, update and delete access to it...
FUEL CMS Cross-Site Request Forgery Vulnerability (CNVD-2021-18031)
FUEL CMS is a content management system CMS based on the Codelgniter framework. A cross-site request forgery vulnerability exists in the blocks/create/Create Blocks section of the Admin console in FUEL CMS version 1.4.4. The vulnerability stems from the WEB application not adequately verifying th...