Lucene search
+L

188 matches found

Cvelist
Cvelist
•added 2026/07/08 7:14 p.m.•31 views

CVE-2026-59821 LiteLLM: Custom Code Guardrails production endpoints bypass code safety checks

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.82.0-stable, LiteLLM's Custom Code Guardrails production create and update paths did not apply the same sandboxing and validation used by the test endpoint, allowing a privileged user with access to creat...

2.1CVSS0.00355EPSS
Exploits0References3
CVE
CVE
•added 2026/07/08 7:14 p.m.•8 views

CVE-2026-59821

LiteLLM is a proxy/AI Gateway for LLM API calls. A vulnerability exists in production create/update paths of Custom Code Guardrails before version 1.82.0-stable, where sandboxing/validation was not applied consistently with the test endpoint, allowing a privileged user to submit custom Python cod...

7.2CVSS6AI score0.00355EPSS
Exploits0References3Affected Software1
OSV
OSV
•added 2026/07/08 7:14 p.m.•2 views

CVE-2026-59821 LiteLLM: Custom Code Guardrails production endpoints bypass code safety checks

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.82.0-stable, LiteLLM's Custom Code Guardrails production create and update paths did not apply the same sandboxing and validation used by the test endpoint, allowing a privileged user with access to creat...

2.1CVSS6.2AI score0.00355EPSS
Exploits0References5
NVD
NVD
•added 2026/07/08 3:16 p.m.•8 views

CVE-2026-15044

A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGuardrails, if a specific security setting is not enabled, these services can expose their communication channels without requiring users to prove their identity. This allows any other program within the...

6.3CVSS0.0017EPSS
Exploits0References2
CVE
CVE
•added 2026/07/08 2:37 p.m.•8 views

CVE-2026-15044

The CVE concerns the TrustyAI Service Operator. In deployments of services such as gorch and NemoGuardrails, if a specific security setting is not enabled, communication channels can be exposed without requiring user authentication, allowing any other program in the cluster to access the AI guard...

6.3CVSS5.9AI score0.0017EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/07/08 2:37 p.m.•44 views

CVE-2026-15044 Trustyai-service-operator: trustyai service operator: unauthenticated access to ai guardrails and orchestrator apis

A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGuardrails, if a specific security setting is not enabled, these services can expose their communication channels without requiring users to prove their identity. This allows any other program within the...

6.3CVSS0.0017EPSS
Exploits0References2
EUVD
EUVD
•added 2026/07/08 2:37 p.m.•6 views

EUVD-2026-42283

A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGuardrails, if a specific security setting is not enabled, these services can expose their communication channels without requiring users to prove their identity. This allows any other program within the...

6.3CVSS5.9AI score0.0017EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2026/07/08 2:37 p.m.•6 views

CVE-2026-15044

A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGuardrails, if a specific security setting is not enabled, these services can expose their communication channels without requiring users to prove their identity. This allows any other program within the...

6.3CVSS5.9AI score0.0017EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/07/08 12:0 a.m.•6 views

PT-2026-56458

Name of the Vulnerable Software and Affected Versions TrustyAI Service Operator affected versions not specified Description A flaw in the TrustyAI Service Operator occurs when deploying services such as gorch or NemoGuardrails. If a specific security setting is not enabled, these services expose...

6.3CVSS6.1AI score0.0017EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/07/08 12:0 a.m.•10 views

PT-2026-56544

Name of the Vulnerable Software and Affected Versions LiteLLM versions prior to 1.82.0-stable Description LiteLLM is a proxy server that acts as an AI Gateway for calling LLM APIs. A flaw exists in the production create and update paths of the Custom Code Guardrails, which failed to apply the sam...

2.1CVSS6.1AI score0.00355EPSS
Exploits0References9
OSV
OSV
•added 2026/07/07 2:34 p.m.•4 views

PYSEC-2026-1431 Guardrails AI vulnerable to Improper Restriction of XML External Entity Reference

RAIL documents are an XML-based format invented by Guardrails AI to enforce formatting checks on LLM outputs. Guardrails users that consume RAIL documents from external sources are vulnerable to XXE, which may cause leakage of internal file data via the SYSTEM entity...

8.2CVSS5.9AI score0.00408EPSS
Exploits0References7
OSV
OSV
•added 2026/06/29 11:50 a.m.•8 views

PYSEC-2026-347 Guardrails AI contains a code injection vulnerability in its Hub package installation mechanism

Guardrails AI thru 0.6.7 contains a code injection vulnerability CWE-94 in its Hub package installation mechanism. When installing validator packages via guardrails hub install, the system retrieves a manifest from the Guardrails Hub and dynamically executes a script specified in the postinstall...

9.8CVSS6.3AI score0.00635EPSS
Exploits0References5
The Hacker News
The Hacker News
•added 2026/06/10 10:27 a.m.•24 views

Your Automated Pentest Looks Clean. See What It Missed in This Expert Webinar

Your pentest report looks clean. That might be the problem. Run automated pentesting long enough, and the new findings start to dry up. By the third or fourth run, fewer issues appear. The report looks stable. Leadership reads "stable" as "secure." It usually isn't. The work slows down. The risk...

5.7AI score
Exploits0
RedhatCVE
RedhatCVE
•added 2026/06/07 12:43 a.m.•13 views

CVE-2026-45758

Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of guardrails-ai 0.10.1 to PyPI. Aany user who installed guardrails-ai==0.10.1 from PyPI on May 11, 2026 may be affected. Security...

9.6CVSS5.5AI score0.00276EPSS
Exploits0References1
PyPA
PyPA
•added 2026/06/05 8:17 p.m.•9 views

PYSEC-0000-CVE-2026-45758

Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of guardrails-ai 0.10.1 to PyPI. Aany user who installed guardrails-ai==0.10.1 from PyPI on May 11, 2026 may be affected. Security...

9.6CVSS5.5AI score0.00276EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2026/06/05 8:17 p.m.•12 views

PYSEC-2026-206

Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of guardrails-ai 0.10.1 to PyPI. Aany user who installed guardrails-ai==0.10.1 from PyPI on May 11, 2026 may be affected. Security...

9.6CVSS5.5AI score0.00276EPSS
Exploits0References3Affected Software1
NVD
NVD
•added 2026/06/05 8:17 p.m.•16 views

CVE-2026-45758

Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of guardrails-ai 0.10.1 to PyPI. Aany user who installed guardrails-ai==0.10.1 from PyPI on May 11, 2026 may be affected. Security...

9.6CVSS0.00276EPSS
Exploits0References3
OSV
OSV
•added 2026/06/05 8:17 p.m.•11 views

PYSEC-2026-206

Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of guardrails-ai 0.10.1 to PyPI. Aany user who installed guardrails-ai==0.10.1 from PyPI on May 11, 2026 may be affected. Security...

9.6CVSS5.5AI score0.00276EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/05 7:35 p.m.•9 views

CVE-2026-45758 Malicious code in guardrails-ai 0.10.1 (supply chain compromise)

Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of guardrails-ai 0.10.1 to PyPI. Aany user who installed guardrails-ai==0.10.1 from PyPI on May 11, 2026 may be affected. Security...

9.6CVSS5.5AI score0.00276EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2026/06/05 7:35 p.m.•8 views

CVE-2026-45758

Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of guardrails-ai 0.10.1 to PyPI. Aany user who installed guardrails-ai==0.10.1 from PyPI on May 11, 2026 may be affected. Security...

9.6CVSS5.5AI score0.00276EPSS
Exploits0References4
Rows per page
Query Builder