CVE-2026-45758

Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of guardrails-ai 0.10.1 to PyPI. Aany user who installed guardrails-ai==0.10.1 from PyPI on May 11, 2026 may be affected. Security...

CVE-2026-45758

Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of guardrails-ai 0.10.1 to PyPI. Aany user who installed guardrails-ai==0.10.1 from PyPI on May 11, 2026 may be affected. Security...

EUVD-2026-34912

Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of guardrails-ai 0.10.1 to PyPI. Aany user who installed guardrails-ai==0.10.1 from PyPI on May 11, 2026 may be affected. Security...

CVE-2026-45758 Malicious code in guardrails-ai 0.10.1 (supply chain compromise)

Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of guardrails-ai 0.10.1 to PyPI. Aany user who installed guardrails-ai==0.10.1 from PyPI on May 11, 2026 may be affected. Security...

CVE-2026-4032

The CodeColorer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter in 'cc' comment shortcode in versions up to, and including, 0.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

OPENSUSE-SU-2026:10949-1 git-bug-0.10.1-5.1 on GA media

These are all security issues fixed in the git-bug-0.10.1-5.1 package on the GA media of openSUSE Tumbleweed...

Caddy Defender trusted proxy client IP bypass

Impact Caddy Defender used r.RemoteAddr when evaluating whether a request should be blocked. RemoteAddr is the address of the immediate peer connected to Caddy. In deployments where Caddy is behind a trusted proxy, CDN, or load balancer, the immediate peer is usually the proxy, not the original...

Malicious code in guardrails-ai 0.10.1 (supply chain compromise)

Impact On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of guardrails-ai 0.10.1 to PyPI. Affected: any user who installed guardrails-ai==0.10.1 from PyPI on May 11, 2026. Security researchers identified the malicious package within approximately 2 hours ...

PT-2026-42048

Impact Caddy Defender used r.RemoteAddr when evaluating whether a request should be blocked. RemoteAddr is the address of the immediate peer connected to Caddy. In deployments where Caddy is behind a trusted proxy, CDN, or load balancer, the immediate peer is usually the proxy, not the original...

@2nova/wu-ui (>=1.1.0 <=1.1.19), @ada-lc/fusion-materials (>=0.1.1 <=0.1.3) +481 more potentially affected by unknown CVE via @antv/data-set (>=0.10.1 <=0.11.8)

@antv/data-set NPM version =0.10.1, =1.1.0, =0.1.1, =0.1.0, =0.0.2, =0.1.2, =1.0.0, =0.5.0-alpha.0, =0.1.16, =0.1.1, =1.0.4, =0.0.1, =1.0.2, =1.0.0-alpha.1, =1.0.3, =1.0.3-alpha.3 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-3868...

OPENSUSE-SU-2026:10803-1 git-bug-0.10.1-4.1 on GA media

These are all security issues fixed in the git-bug-0.10.1-4.1 package on the GA media of openSUSE Tumbleweed...

TLS hostname verification disabled when using Boring TLS backend

An inverted-boolean bug in lettre's boring-tls integration silently disables TLS hostname verification for callers using the default strict configuration. An on-path attacker presenting any chain-valid certificate for any domain can intercept SMTP submission, including PLAIN/LOGIN credentials and...

IMAPServer (=0.2.0), IMAPServer-cli (=0.1.0) +368 more potentially affected by unknown CVE via diesel (>=0.10.1 <=2.3.4)

diesel CARGO version =0.10.1, =0.1.0, =0.1.0, =0.1.0, =0.4.0, =0.1.4, =0.1.11, =0.1.0, =0.5.0, =0.1.0, =0.1.2 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0111...

IMAPServer (=0.2.0), IMAPServer-cli (=0.1.0) +368 more potentially affected by unknown CVE via diesel (>=0.10.1 <=2.3.4)

diesel CARGO version =0.10.1, =0.1.0, =0.1.0, =0.1.0, =0.4.0, =0.1.4, =0.1.11, =0.1.0, =0.5.0, =0.1.0, =0.1.2 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0136...

CVE-2026-4032

The CodeColorer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter in 'cc' comment shortcode in versions up to, and including, 0.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

ai-dynamo (=0.1.0), bento2seldon (>=0.1.0 <=0.4.0) +16 more potentially affected by CVE-2026-35044 via bentoml (>=0.10.1 <=1.4.3)

bentoml PYPI version =0.10.1, =0.1.0, =0.1.0, =0.0.10, =0.0.5, =0.3.12, =0.0.1, =1.0.3, =0.0.10, =0.0.1, =0.0.1, =0.0.13 and more Source cves: CVE-2026-35044 Source advisory: OSV:PYSEC-2026-159...

CLEANSTART-2026-CE02533 Security fixes for CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61729, CVE-2025-62820, CVE-2026-30836, CVE-2026-33186, ghsa-p77j-4mvh-x3m3, ghsa-q4r8-xm5f-56gw applied in versions: 0.10.1-r0, 0.9.10-r0, 0.9.9-r0, 0.9.9-r1

Multiple security vulnerabilities affect the step-issuer package. These issues are resolved in later releases. See references for individual vulnerability details...

vLLM 安全漏洞

vLLM is an open-source LLM-based inference and service engine that features high throughput and efficient memory usage. Versions of vLLM prior to 0.10.1 to 0.18.0 contained a security vulnerability. This vulnerability stemmed from the hardcoding of trustremotecode=True in two model implementation...

@aero-js/config (>=0.3.3 <=0.3.5), @aero-js/core (>=0.3.3 <=0.3.5) +57 more potentially affected by CVE-2026-33131 +1 more via srvx (>=0.10.1 <=0.11.12)

srvx NPM version =0.10.1, =0.3.3, =0.3.3, =0.3.3, =0.3.3, =0.3.3, =0.1.0, =0.1.0, =2.4.0-alpha.2, =2.4.0-alpha.2, =0.1.2, =0.0.1-alpha.0, =0.7.14, =0.2.0, =3.32.0, =3.33.0 and more Source cves: CVE-2026-33131, CVE-2026-33732 Source advisory: SNYK:JS-SRVX-15790571...

SUSE CVE-2026-21444

libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV initialization vector when certain symmetric ciphers were used...