UBUNTU-CVE-2026-29518

Rsync versions before 3.4.3 contain a time-of-check to time-of-use TOCTOU race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access to a module path ca...

CVE-2026-31249

CosyVoice contains an insecure deserialization vulnerability (CWE-502) in its data processing tool make_parquet_list.py. The script loads PyTorch .pt files (utterance embeddings, speaker embeddings, speech tokens) with torch.load() without enabling weights_only=True, allowing the deserialization ...

CVE-2026-40948

The Keycloak authentication manager in apache-airflow-providers-keycloak did not generate or validate the OAuth 2.0 state parameter on the login / login-callback flow, and did not use PKCE. An attacker with a Keycloak account in the same realm could deliver a crafted callback URL to a victim's...

CVE-2026-40948

The Keycloak authentication manager in apache-airflow-providers-keycloak did not generate or validate the OAuth 2.0 state parameter on the login / login-callback flow, and did not use PKCE. An attacker with a Keycloak account in the same realm could deliver a crafted callback URL to a victim's...

EUVD-2026-23676

The Keycloak authentication manager in apache-airflow-providers-keycloak did not generate or validate the OAuth 2.0 state parameter on the login / login-callback flow, and did not use PKCE. An attacker with a Keycloak account in the same realm could deliver a crafted callback URL to a victim's...

EUVD-2026-20465

Rejected reason: Not used...

GHSA-56P5-8MHR-2FPH LiquidJS: Root restriction bypass for partial and layout loading through symlinked templates

Summary LiquidJS enforces partial and layout root restrictions using the resolved pathname string, but it does not resolve the canonical filesystem path before opening the file. A symlink placed inside an allowed partials or layouts directory can therefore point to a file outside that directory a...

EUVD-2026-18815

Rejected reason: Not used...

EUVD-2026-15989

Rejected reason: Not used...

EUVD-2026-10954

Rejected reason: Not used...

EUVD-2026-10953

Rejected reason: Not used...

EUVD-2026-10038

Rejected reason: Not used...

EUVD-2026-10037

Rejected reason: Not used...

CVE-2026-23767

ESC/POS, a printer control language designed by Seiko Epson Corporation, lacks mechanisms for user authentication and command authorization, does not provide controls to restrict sources or destinations of network communication, and transmits commands without encryption or integrity protection...

EUVD-2026-9363

Rejected reason: Not used...

EUVD-2026-8639

Rejected reason: Not used...

karakeep 跨站脚本漏洞

Karakeep is an open-source bookmarking app developed by Karakeep App. Version 0.30.0 of Karakeep contains a cross-site scripting vulnerability. This vulnerability arises from the Reddit meta-fetching plugin not using DOMPurify to clean HTML content, allowing malicious HTML to be executed in users...

CVE-2026-26331

A flaw was found in yt-dlp, a command-line audio/video downloader. When the --netrc-cmd command-line option is enabled, a remote attacker can exploit a maliciously crafted URL to achieve arbitrary command injection. This allows the attacker to execute unauthorized commands on the user's system,...

CVE-2026-27534

Not used...

CVE-2026-27533

Not used...