13559 matches found

OSV
added 2026/05/28 4:16 p.m., 8 views

UBUNTU-CVE-2026-48522

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen which uses Python stdlib's default OpenerDirector registering HTTPHandler, HTTPSHandler, FTPHandler, FileHandler, and DataHandler. There is currently no...

CVSS: 4.2, AI score: 6, EPSS: 0.00148
Exploits: 1, References: 3
Rockylinux
added 2026/05/28 3:43 p.m., 7 views

NetworkManager security update

An update is available for NetworkManager. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. NetworkManager is a system network service that manages network device...

CVSS: 3.3, AI score: 5.8, EPSS: 0.00162
Exploits: 0
ATTACKERKB
added 2026/05/28 3:0 p.m., 9 views

CVE-2026-48522

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen which uses Python stdlib's default OpenerDirector registering HTTPHandler, HTTPSHandler, FTPHandler, FileHandler, and DataHandler. There is currently no...

CVSS: 4.2, AI score: 6, EPSS: 0.00148
Exploits: 1, References: 2, Affected Software: 1
Debian CVE
added 2026/05/28 3:0 p.m., 10 views

CVE-2026-48522

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen which uses Python stdlib's default OpenerDirector registering HTTPHandler, HTTPSHandler, FTPHandler, FileHandler, and DataHandler. There is currently no...

CVSS: 4.2, AI score: 6, EPSS: 0.00148
Exploits: 1
ATTACKERKB
added 2026/05/28 2:45 p.m., 7 views

CVE-2026-44594

esm.sh is a no-build content delivery network (CDN) for web development. In 137 and earlier, a Local File Inclusion (LFI) vulnerability exists in the esbuild plugin's handling of the browser field in package.json. An attacker can publish an npm package that causes the server to read and return...

CVSS: 7.5, AI score: 6, EPSS: 0.00321
Exploits: 0, References: 2, Affected Software: 1
ATTACKERKB
added 2026/05/28 2:24 p.m., 5 views

CVE-2026-45017

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

CVSS: 8.2, AI score: 5.9, EPSS: 0.00335
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2026/05/28 2:24 p.m., 31 views

CVE-2026-45017 Python Liquid: Absolute paths escape filesystem loader search path

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

CVSS: 8.2, EPSS: 0.00335
Exploits: 0, References: 1
CVE
added 2026/05/28 1:22 p.m., 18 views

CVE-2026-49238

CVE-2026-49238 affects Canonical Multipass

CVSS: 8.4, AI score: 6, EPSS: 0.00293
Exploits: 1, References: 1, Affected Software: 1
EUVD
added 2026/05/28 1:22 p.m., 9 views

EUVD-2026-32899

An issue was discovered in Canonical Multipass before version 1.16.3. The host-side SFTP server component sshfsserver, which executes with root privileges on the host, contains a path containment bypass vulnerability within its validatepath function in src/sshfsmount/sftpserver.cpp. The function...

CVSS: 8.4, AI score: 6, EPSS: 0.00293
Exploits: 1, References: 1
CNNVD
added 2026/05/28 12:0 a.m., 10 views

pyjwt code issue vulnerability

PyJWT is a Python library developed by José Padilla of the United States. It allows for the encoding and decoding of JSON Web Tokens (JWTs). Prior to version 2.13.0, there were code vulnerabilities in PyJWT. These vulnerabilities stemmed from PyJWKClient directly passing the uri parameter to...

CVSS: 4.2, AI score: 6, EPSS: 0.00148
Exploits: 1, References: 1
Positive Technologies
added 2026/05/28 12:0 a.m., 11 views

PT-2026-44394

Name of the Vulnerable Software and Affected Versions: PyJWT versions prior to 2.13.0. Description: PyJWKClient passes the uri argument directly to urllib.request.urlopen, which utilizes the default OpenerDirector of the Python standard library. This allows the registration of HTTPHandler,...

CVSS: 5.4, AI score: 5.4, EPSS: 0.00148
Exploits: 2, References: 25
Positive Technologies
added 2026/05/28 12:0 a.m., 11 views

PT-2026-44492

Name of the Vulnerable Software and Affected Versions: Portainer CE (affected versions not specified). Description: Insecure default settings grant regular non-administrative users privileges that allow access to the host filesystem and host-level code execution. An authenticated user with endpoint...

CVSS: 9.4, AI score: 5.5, EPSS: 0.00412
Exploits: 0, References: 7
CNNVD
added 2026/05/28 12:0 a.m., 10 views

pyLoad security vulnerability

pyLoad is an open-source download manager written in Python. Versions of pyLoad prior to 0.5.0b3.dev100 contained security vulnerabilities. These vulnerabilities stemmed from the lack of protection for the Flask session directory during the patching of CVE-2026-33509. Authorized attackers could s...

CVSS: 8.8, AI score: 5.8, EPSS: 0.00529
Exploits: 1, References: 1
Snyk
added 2026/05/27 5:35 p.m., 9 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the handling of symbolic links in shared libraries. An attacker can access arbitrary files on the controller filesystem by controlling the contents of a library used by a Pipeline job. Details: A Directory Travers...

CVSS: 7.5, AI score: 6.3, EPSS: 0.00301
Exploits: 0, References: 2
PyPA
added 2026/05/27 5:16 p.m., 12 views

PYSEC-2026-180

Streamlink is a CLI utility which pipes video streams from various services into a video player. Prior to 8.4.0, Streamlink's HLS and DASH parsers do not validate the URI scheme of segment entries and other resources. A remote .m3u8 HLS playlist or .mpd DASH manifest can list file:///path/to/file...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00298
Exploits: 1, References: 1, Affected Software: 1
PyPA
added 2026/05/27 5:16 p.m., 10 views

PYSEC-0000-CVE-2026-44353

Streamlink is a CLI utility which pipes video streams from various services into a video player. Prior to 8.4.0, Streamlink's HLS and DASH parsers do not validate the URI scheme of segment entries and other resources. A remote .m3u8 HLS playlist or .mpd DASH manifest can list file:///path/to/file...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00298
Exploits: 1, References: 1, Affected Software: 1
OSV
added 2026/05/27 5:16 p.m., 6 views

PYSEC-2026-180

Streamlink is a CLI utility which pipes video streams from various services into a video player. Prior to 8.4.0, Streamlink's HLS and DASH parsers do not validate the URI scheme of segment entries and other resources. A remote .m3u8 HLS playlist or .mpd DASH manifest can list file:///path/to/file...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00298
Exploits: 1, References: 1
NVD
added 2026/05/27 5:16 p.m., 15 views

CVE-2026-44353

Streamlink is a CLI utility which pipes video streams from various services into a video player. Prior to 8.4.0, Streamlink's HLS and DASH parsers do not validate the URI scheme of segment entries and other resources. A remote .m3u8 HLS playlist or .mpd DASH manifest can list file:///path/to/file...

CVSS: 6.5, EPSS: 0.00298
Exploits: 1, References: 1
NVD
added 2026/05/27 3:16 p.m., 16 views

CVE-2026-9712

When creating an export through the pretix API, API clients are returned a UUID value for their export job (a long, random string like 35742818-c375-4d15-839f-d49aecce94d6). Using this UUID, the API client can then request the actual file for download. The same kind of UUID is used in other places...

CVSS: 7, EPSS: 0.00219
Exploits: 0, References: 1
NVD
added 2026/05/27 3:16 p.m., 10 views

CVE-2026-48920

Jenkins Email Extension Plugin 1933.v45cec755423f and earlier allows inlining images as base64 in email content by setting the data-inline attribute, without restrictions on the image URLs that can be inlined, allowing attackers able to control the email content to specify file: URLs for images t...

CVSS: 8.8, EPSS: 0.00299
Exploits: 0, References: 1