CVE-2026-9796

A flaw was found in Keycloak. An authenticated administrator with the manage-clients role can exploit a Time-of-check to time-of-use TOCTOU vulnerability in the name-based admin role checks. This allows the attacker to escalate their privileges to realm-admin for all users within the realm,...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a TOCTOU vulnerability in ONNX [GHSA-q56x-g2fj-4rj6]

Summary IBM Watson Speech Services Cartridge is vulnerable to a TOCTOU vulnerability in ONNX, due to multiple issues in the saveexternaldata method which introduce an arbitrary file read/write on any system GHSA-q56x-g2fj-4rj6. ONNX is used in our speech runtimes. This vulnerabilitiy has been...

CVE-2025-71215

The vulnerability CVE-2025-71215 is a TOCTOU race condition in the Trend Micro Apex One (mac) agent iCore service signature verification that can allow a local attacker with low-privilege code execution to escalate privileges. Affected software is the Apex One mac agent; the flaw arises during si...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: rustbinder: Avoid reading the written value in the offset array. When sending a transaction, its offset array is first copied into the target process’s virtual memory area vma. Then, the values are read back from there. This is...

CVE-2026-34354

Akamai Guardicore Platform Agent GPA and Zero Trust Client on Linux and macOS allow TOCTOU-based local privilege escalation. The GPA service creates an IPC socket in the world-writable /tmp directory. It accepts unauthenticated IPC control messages. This enables a TOCTOU vulnerability in the...

PT-2026-39214

Name of the Vulnerable Software and Affected Versions Postiz versions 2.16.6 through 2.21.6 Description Postiz is an AI social media scheduling tool. A Time-of-Check-Time-of-Use TOCTOU issue exists where the isSafePublicHttpsUrl function resolves DNS to validate the target IP, but subsequent fetc...

Spring Cloud Config Server Susceptible To TOCTOU Attack

The base directory spring.cloud.config.server.git.basedir used by the Spring Cloud Config Server to clone Git repositories to is susceptible to time-of-check-time-of-use TOCTOU attacks. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater Enterpris...

CVE-2026-7846

A vulnerability has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. Impacted is the function files of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component OpenAI-Compatible File Upload API. Such manipulation of the argument file.filename leads to...

PT-2026-37083

A vulnerability has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. Impacted is the function files of the file libs/chatchat-server/chatchat/server/api server/openai routes.py of the component OpenAI-Compatible File Upload API. Such manipulation of the argument file.filename leads ...

JLSEC-2026-212

util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU Time-of-Check-Time-of-Use vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privilege...

CVE-2026-41488 angchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding

LangChain is a framework for building agents and LLM-powered applications. Prior to 1.1.14, langchain-openai's urltosize helper used by getnumtokensfrommessages for image token counting validated URLs for SSRF protection and then fetched them in a separate network operation with independent DNS...

CVE-2026-41488

CVE-2026-41488 affects the langchain-openai component prior to version 1.1.14. The issue stems from the _url_to_size() helper (used by get_num_tokens_from_messages for image token counting): it validates URLs to provide SSRF protection, then fetches them in a separate network operation with an in...

PT-2026-35087

Name of the Vulnerable Software and Affected Versions langchain-openai versions prior to 1.1.14 Description The url to size helper function, utilized by get num tokens from messages for image token counting, contains a Time-of-Check to Time-of-Use TOCTOU flaw. The function validates URLs for...

CVE-2026-35356

A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the install utility of uutils coreutils when using the -D flag. The command creates parent directories and subsequently performs a second path resolution to create the target file, neither of which is anchored to a directory file...

UBUNTU-CVE-2026-35359

A Time-of-Check to Time-of-Use TOCTOU vulnerability in the cp utility of uutils coreutils allows an attacker to bypass no-dereference intent. The utility checks if a source path is a symbolic link using path-based metadata but subsequently opens it without the ONOFOLLOW flag. An attacker with...

CVE-2026-35359

A Time-of-Check to Time-of-Use TOCTOU vulnerability in the cp utility of uutils coreutils allows an attacker to bypass no-dereference intent. The utility checks if a source path is a symbolic link using path-based metadata but subsequently opens it without the ONOFOLLOW flag. An attacker with...

CVE-2026-35354 uutils coreutils mv Security Xattr TOCTOU Race in Cross-Device

A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the mv utility of uutils coreutils during cross-device moves. The extended attribute xattr preservation logic uses multiple path-based system calls that perform fresh path-to-inode lookups for each operation. A local attacker with writ...

PT-2026-34490

A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the mv utility of uutils coreutils during cross-device moves. The extended attribute xattr preservation logic uses multiple path-based system calls that perform fresh path-to-inode lookups for each operation. A local attacker with writ...

Linux Distros Unpatched Vulnerability : CVE-2026-35359

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Time-of-Check to Time-of-Use TOCTOU vulnerability in the cp utility of uutils coreutils allows an attacker to bypass no-dereference intent. The utility checks...

Exploit for CVE-2026-1880

CVE-2026-1880 Your browser does not support embedded video...