Lucene search
K

105 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.11 views

EulerOS Virtualization 2.13.0 : python-requests (EulerOS-SA-2026-2417)

According to the versions of the python-requests packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a...

5.5CVSS4.9AI score0.00182EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.10 views

EulerOS Virtualization 2.13.1 : python-requests (EulerOS-SA-2026-2388)

According to the versions of the python-requests packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a...

5.5CVSS5.5AI score0.00182EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.8 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-requests (SUSE-SU-2026:1647-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1647-1 advisory. - CVE-2026-25645: extractzippedpaths uses predictable filenames when extracting files from zip archives a...

5.5CVSS5.9AI score0.00182EPSS
Exploits0References4
OSV
OSV
added 2026/04/28 6:3 p.m.4 views

SUSE-SU-2026:1647-1 Security update for python-requests

This update for python-requests fixes the following issues: - CVE-2026-25645: extractzippedpaths uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation bsc1260589...

5.5CVSS4.5AI score0.00182EPSS
Exploits0References3
OSV
OSV
added 2026/04/17 12:59 p.m.10 views

OESA-2026-1909 python-pip security update

%changelog Fri Feb 13 2026 Linuxzhang [email protected] - 23.3.1-9 - Fix CVE-2026-21441 Security Fixes: Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable filename when extracting files from zip archives into the system...

5.5CVSS5.7AI score0.00182EPSS
Exploits0References2
CVE
CVE
added 2026/03/31 9:47 p.m.11 views

CVE-2026-34585

SiYuan prior to version 3.6.2 is affected. A crafted IAL value inside a .sy document packaged as a .sy.zip can bypass server-side attribute escaping during Import, causing an HTML context break and stored XSS. In the Electron desktop client, this XSS can execute JavaScript with Node/Electron priv...

8.6CVSS6.4AI score0.00343EPSS
Exploits1References3Affected Software1
Microsoft CVE
Microsoft CVE
added 2026/03/29 8:2 a.m.6 views

Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function

...

5.5CVSS5.8AI score0.00182EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/03/26 12:27 a.m.7 views

SUSE CVE-2026-25645

Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker...

5.5CVSS5.9AI score0.00182EPSS
Exploits0References10
OSV
OSV
added 2026/03/25 5:16 p.m.6 views

UBUNTU-CVE-2026-25645

Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker...

5.5CVSS5.8AI score0.00182EPSS
Exploits0References3
CVE
CVE
added 2026/03/25 5:2 p.m.615 views

CVE-2026-25645

The CVE describes an insecure temp-file extraction in the Requests library prior to v2.33.0. The vulnerable function requests.utils.extract_zipped_paths() writes the CA bundle into /tmp using a predictable, non-unique filename (e.g., cacert.pem) and reuses an existing file if present, rather than...

5.5CVSS5.8AI score0.00182EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/25 5:2 p.m.3 views

CVE-2026-25645

Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker...

4.4CVSS5.8AI score0.00182EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/25 5:2 p.m.19 views

CVE-2026-25645 Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function

Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker...

4.4CVSS5.8AI score0.00182EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/25 5:2 p.m.24 views

CVE-2026-25645 Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function

Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker...

4.4CVSS0.00182EPSS
Exploits0References3
OSV
OSV
added 2026/03/25 5:2 p.m.3 views

CVE-2026-25645 Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function

Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker...

4.4CVSS5.9AI score0.00182EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/03/25 5:2 p.m.4 views

CVE-2026-25645

Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker...

5.5CVSS4.5AI score0.00182EPSS
Exploits0
OSV
OSV
added 2026/03/25 4:56 p.m.5 views

GHSA-GC5V-M9X4-R6X2 Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function

Impact The requests.utils.extractzippedpaths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker with write access to the temp directory could...

4.4CVSS5.8AI score0.00182EPSS
Exploits0References5
Snyk
Snyk
added 2026/03/25 4:56 p.m.1 views

Insecure Temporary File

Overview Affected versions of this package are vulnerable to Insecure Temporary File via the extractzippedpaths function. An attacker can leverage unauthorized file replacement by pre-creating a malicious file in the system's temporary directory prior to extraction. Note: Only applications that...

5.5CVSS5.9AI score0.00182EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/25 4:56 p.m.6 views

EUVD-2026-15754

Requests has Insecure Temp File Reuse in its extractzippedpaths utility function...

4.4CVSS5.8AI score0.00182EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/25 4:56 p.m.4 views

Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function

Impact The requests.utils.extractzippedpaths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker with write access to the temp directory could...

5.5CVSS5.8AI score0.00182EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.6 views

Requests 安全漏洞

Requests is an elegant and simple HTTP library from the Python Foundation. With Requests, you can send HTTP/1.1 requests with great ease. There’s no need to manually add query strings to your URLs, nor to encode POST data using forms. Versions of Requests prior to 2.33.0 contained a security...

5.5CVSS5.8AI score0.00182EPSS
Exploits0References3
Rows per page
Query Builder