Ansible-Automation-Platform-26 Lightspeed-Chatbot-Rhel9 vulnerabilities

5 known vulnerabilities affecting ansible-automation-platform-26/lightspeed-chatbot-rhel9.

Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, MEDIUM 2, LOW 2

Vulnerabilities

CVE-2026-42208 | CRITICAL | CVSS 9.8 | 2026-04-28
CVE-2026-42208 [CRITICAL] CWE-89 LiteLLM: LiteLLM: Unauthorized data access and modification via SQL injection. A flaw was found in LiteLLM. A database query used for proxy API key checks incorrectly incorporated caller-supplied key values directly into the query. This vulnerability allows an unauthenticated attacker to send a specially crafted Authorization header to any Large Language Model (LLM) API route, exploitin
redhat
CVE-2026-41140 | LOW | CVSS 0.6 | 2026-04-24
CVE-2026-41140 [LOW] CWE-22 poetry: python: Poetry: Path traversal vulnerability allows arbitrary file write via malicious package extraction. A flaw was found in Poetry, a dependency manager for Python. This vulnerability allows a remote attacker to perform a path traversal attack. By crafting a malicious software package, the `extractall()` function in Poetry can be tricked into wr
redhat
CVE-2026-41988 | LOW | CVSS 3.2 | 2026-04-23
CVE-2026-41988 [LOW] CWE-787 uuid: uuid: Unexpected data writes when using external output buffers with specific UUID versions. A flaw was found in uuid. When external output buffers are used with UUID versions 3, 5, or 6, an attacker with local access may be able to cause unexpected data writes. This vulnerability could lead to low impact data integrity issues. UUID version 4 is not affected. Pack
redhat
CVE-2026-28684 | MEDIUM | CVSS 6.6 | 2026-04-20
CVE-2026-28684 [MEDIUM] CWE-59 python-dotenv: python-dotenv: Arbitrary file overwrite via symbolic link following. A flaw was found in python-dotenv. A local attacker can exploit this by crafting a symbolic link, which the `set_key()` and `unset_key()` functions in python-dotenv follow when rewriting `.env` files. This can lead to the overwriting of arbitrary files on the system. Mitigation: Mitigation for this i
redhat
CVE-2026-40347 | MEDIUM | CVSS 5.3 | 2026-04-17
CVE-2026-40347 [MEDIUM] CWE-1050 python-multipart: Python-Multipart: Denial of Service via crafted multipart/form-data requests. Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted `multipart/form-data` requests with large preamble or epilogue sections. Upgrade to version 0.0.26 or later, which skips ahead to
redhat