1. CVE-2026-28684: python-dotenv Symlink Flaw Enables Arbitrary Local File Overwrite
A critical vulnerability in the python-dotenv library exposes systems to local symlink-based file overwrite attacks. CVE-2026-28684 affects version 1.1.0 and earlier, allowing a local attacker to manipulate the `set_key()` and `unset_key()` functions into redirecting writes to arbitrary files on the system. The flaw r...