Ansible-Automation-Platform-24 Lightspeed-Rhel8 vulnerabilities
6 known vulnerabilities affecting ansible-automation-platform-24/lightspeed-rhel8.
Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 4, LOW 2
Vulnerabilities
CVE-2026-7020 | MEDIUM | CVSS 6.3 | 2026-04-26
CVE-2026-7020 [MEDIUM] CWE-22 Ollama: Ollama: Path traversal vulnerability in Tensor Model Transfer Handler
A flaw was found in Ollama, specifically within the Tensor Model Transfer Handler component. A remote attacker can exploit this vulnerability by manipulating the `digest` argument in the `digestToPath` function, leading to a path traversal. This allows unauthorized access to files or directories on the system. T
redhat
CVE-2026-41481 | MEDIUM | CVSS 6.5 | 2026-04-24
CVE-2026-41481 [MEDIUM] CWE-918 langchain-text-splitters: LangChain: Information Disclosure via Server-Side Request Forgery (SSRF) Redirect Bypass
A flaw was found in LangChain and langchain-text-splitters. This vulnerability, a Server-Side Request Forgery (SSRF) bypass, allows a remote attacker to redirect a seemingly safe URL to internal network resources. By exploiting unvalidat
redhat
CVE-2026-41488 | LOW | CVSS 3.1 | 2026-04-24
CVE-2026-41488 [LOW] CWE-367 langchain-openai: Langchain-openai: Server-Side Request Forgery (SSRF) protection bypass via DNS rebinding
A flaw was found in langchain-openai. A remote attacker could exploit a Time-of-Check to Time-of-Use (TOCTOU) vulnerability, also known as a DNS rebinding vulnerability. This occurs because the _url_to_size() helper, used for image token counting, validate
redhat
CVE-2026-41988 | LOW | CVSS 3.2 | 2026-04-23
CVE-2026-41988 [LOW] CWE-787 uuid: uuid: Unexpected data writes when using external output buffers with specific UUID versions
A flaw was found in uuid. When external output buffers are used with UUID versions 3, 5, or 6, an attacker with local access may be able to cause unexpected data writes. This vulnerability could lead to low impact data integrity issues. UUID version 4 is not affected.
Pack
redhat
CVE-2026-40895 | MEDIUM | CVSS 6.9 | 2026-04-21
CVE-2026-40895 [MEDIUM] CWE-212 follow-redirects: follow-redirects: Information disclosure via cross-domain redirects
A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redi
redhat
CVE-2026-28684 | MEDIUM | CVSS 6.6 | 2026-04-20
CVE-2026-28684 [MEDIUM] CWE-59 python-dotenv: python-dotenv: Arbitrary file overwrite via symbolic link following
A flaw was found in python-dotenv. A local attacker can exploit this by crafting a symbolic link, which the `set_key()` and `unset_key()` functions in python-dotenv follow when rewriting `.env` files. This can lead to the overwriting of arbitrary files on the system.
Mitigation: Mitigation for this i
redhat