103 matches found

Tenable Nessus
added 2026/05/02 12:0 a.m., 4 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-requests (SUSE-SU-2026:1647-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1647-1 advisory. - CVE-2026-25645: extract_zipped_paths uses predictable filenames when extracting files from zip archives a...

CVSS 5.5, AI score 5.9, EPSS 0.00005
Exploits: 0, References: 4
OSV
added 2026/04/28 6:3 p.m., 1 views

SUSE-SU-2026:1647-1 Security update for python-requests

This update for python-requests fixes the following issues: - CVE-2026-25645: extract_zipped_paths uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation bsc1260589...

CVSS 5.5, AI score 4.5, EPSS 0.00005
Exploits: 0, References: 3
OSV
added 2026/04/17 12:59 p.m., 4 views

OESA-2026-1909 python-pip security update

%changelog Fri Feb 13 2026 Linuxzhang [email protected] - 23.3.1-9 - Fix CVE-2026-21441 Security Fixes: Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extract_zipped_paths utility function uses a predictable filename when extracting files from zip archives into the system...

CVSS 5.5, AI score 5.7, EPSS 0.00005
Exploits: 0, References: 2
CVE
added 2026/03/31 9:47 p.m., 4 views

CVE-2026-34585

SiYuan prior to version 3.6.2 is affected. A crafted IAL value inside a .sy document packaged as a .sy.zip can bypass server-side attribute escaping during Import, causing an HTML context break and stored XSS. In the Electron desktop client, this XSS can execute JavaScript with Node/Electron priv...

CVSS 8.6, AI score 6.4, EPSS 0.00091
Exploits: 1, References: 3, Affected Software: 1
Microsoft CVE
added 2026/03/29 8:2 a.m., 4 views

Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function

...

CVSS 5.5, AI score 5.8, EPSS 0.00005
Exploits: 0
SUSE CVE
added 2026/03/26 12:27 a.m., 4 views

SUSE CVE-2026-25645

Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extract_zipped_paths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker...

CVSS 5.5, AI score 5.9, EPSS 0.00005
Exploits: 0, References: 8
OSV
added 2026/03/25 5:16 p.m., 3 views

UBUNTU-CVE-2026-25645

Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extract_zipped_paths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker...

CVSS 5.5, AI score 5.8, EPSS 0.00005
Exploits: 0, References: 3
ATTACKERKB
added 2026/03/25 5:2 p.m., 3 views

CVE-2026-25645

Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extract_zipped_paths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker...

CVSS 4.4, AI score 5.8, EPSS 0.00005
Exploits: 0, References: 4, Affected Software: 1
Vulnrichment
added 2026/03/25 5:2 p.m., 3 views

CVE-2026-25645 Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function

Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extract_zipped_paths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker...

CVSS 4.4, AI score 5.8, EPSS 0.00005
Exploits: 0, References: 3
OSV
added 2026/03/25 5:2 p.m., 2 views

CVE-2026-25645 Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function

Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extract_zipped_paths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker...

CVSS 4.4, AI score 5.9, EPSS 0.00005
Exploits: 0, References: 5
CVE
added 2026/03/25 5:2 p.m., 229 views

CVE-2026-25645

The CVE describes an insecure temp-file extraction in the Requests library prior to v2.33.0. The vulnerable function requests.utils.extract_zipped_paths() writes the CA bundle into /tmp using a predictable, non-unique filename (e.g., cacert.pem) and reuses an existing file if present, rather than...

CVSS 5.5, AI score 5.8, EPSS 0.00005
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2026/03/25 5:2 p.m., 19 views

CVE-2026-25645 Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function

Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extract_zipped_paths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker...

CVSS 4.4, EPSS 0.00005
Exploits: 0, References: 3
Debian CVE
added 2026/03/25 5:2 p.m., 2 views

CVE-2026-25645

Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extract_zipped_paths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker...

CVSS 5.5, AI score 4.5, EPSS 0.00005
Exploits: 0
EUVD
added 2026/03/25 4:56 p.m., 3 views

EUVD-2026-15754

Requests has Insecure Temp File Reuse in its extract_zipped_paths utility function...

CVSS 4.4, AI score 5.8, EPSS 0.00005
Exploits: 0, References: 3
Github Security Blog
added 2026/03/25 4:56 p.m., 2 views

Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function

Impact: The requests.utils.extract_zipped_paths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker with write access to the temp directory could...

CVSS 5.5, AI score 5.8, EPSS 0.00005
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2026/03/25 4:56 p.m., 1 views

GHSA-GC5V-M9X4-R6X2 Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function

Impact: The requests.utils.extract_zipped_paths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker with write access to the temp directory could...

CVSS 4.4, AI score 5.8, EPSS 0.00005
Exploits: 0, References: 5
Snyk
added 2026/03/25 4:56 p.m., 0 views

Insecure Temporary File

Overview: Affected versions of this package are vulnerable to Insecure Temporary File via the extract_zipped_paths function. An attacker can leverage unauthorized file replacement by pre-creating a malicious file in the system's temporary directory prior to extraction. Note: Only applications that...

CVSS 5.5, AI score 5.9, EPSS 0.00005
Exploits: 0, References: 2
CNNVD
added 2026/03/25 12:0 a.m., 2 views

Requests Security Vulnerability

Requests is an elegant and simple HTTP library from the Python Foundation. With Requests, you can send HTTP/1.1 requests with great ease. There’s no need to manually add query strings to your URLs, nor to encode POST data using forms. Versions of Requests prior to 2.33.0 contained a security...

CVSS 5.5, AI score 5.8, EPSS 0.00005
Exploits: 0, References: 3
Debian
added 2026/01/08 8:7 p.m., 3 views

[SECURITY] [DLA 4374-2] pdfminer security update

Debian LTS Advisory DLA-4374-2 [email protected] https://www.debian.org/lts/security/ Chris Lamb January 08, 2026 https://wiki.debian.org/LTS -...

CVSS 8.6, AI score 7, EPSS 0.00119
Exploits: 1
OSV
added 2026/01/05 3:7 p.m., 1 views

GHSA-4C5F-9MJ4-M247 flagd: Multiple Go Runtime CVEs Impact Security and Availability

Summary In 2025, several vulnerabilities in the Go Standard Library were disclosed, impacting Go-based applications like flagd the evaluation engine for OpenFeature. These CVEs primarily focus on Denial of Service DoS through resource exhaustion and Race Conditions in database handling. | CVE ID ...

AI score 7.7
Exploits: 0, References: 4