EUVD-2026-34912

Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of guardrails-ai 0.10.1 to PyPI. Aany user who installed guardrails-ai==0.10.1 from PyPI on May 11, 2026 may be affected. Security...

libtpms-devel-0.10.2-1.1 on GA media (moderate)

libtpms-devel-0.10.2-1.1 on GA media Announcement ID: openSUSE-SU-2026:10422-1 Rating: moderate Cross-References: CVE-2026-21444 CVSS scores: CVE-2026-21444 SUSE : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2026-21444 SUSE : 6...

SUSE CVE-2026-21444

libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV initialization vector when certain symmetric ciphers were used...

Fedora 42 : python-uv-build / rust-ambient-id / uv (2026-086a367966)

The remote Fedora 42 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-086a367966 advisory. Update uv and python-uv-build to 0.10.2. There are some minor breaking changes in uv; most users should not have to change anything. See...

[SECURITY] Fedora 43 Update: libtpms-0.10.2-1.fc43

A library providing TPM functionality for VMs. Targeted for integration into Qemu...

Fedora 43 : libtpms (2026-21a2a74849)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-21a2a74849 advisory. Upgrade to libtpms 0.10.2 fixing CVE-2026-21444 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

UBUNTU-CVE-2026-21444

libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV initialization vector when certain symmetric ciphers were used...

CVE-2026-21444

libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV initialization vector when certain symmetric ciphers were used...

CVE-2026-21444

CVE-2026-21444 affects libtpms when integrated with OpenSSL 3.x, with vulnerable versions 0.10.0 and 0.10.1. The issue is that the library returns the initial IV instead of the last IV for certain symmetric ciphers, weakening confidentiality. Affected deployments using OpenSSL 3.x are at risk of ...

CVE-2026-21444 libtpms returns wrong initialization vector when certain symmetric ciphers are used

libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV initialization vector when certain symmetric ciphers were used...

CVE-2026-21444 libtpms returns wrong initialization vector when certain symmetric ciphers are used

libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV initialization vector when certain symmetric ciphers were used...

CVE-2026-21444

libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV initialization vector when certain symmetric ciphers were used...

EUVD-2026-0753

libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV initialization vector when certain symmetric ciphers were used...

vLLM 缓冲区错误漏洞

vLLM is a vLLM open source high throughput and memory efficient inference and service engine for LLM. A buffer error vulnerability exists in vLLM versions 0.10.2 through prior to 0.11.1, which stems from the presence of a memory corruption in the Completions API endpoint that could lead to a cras...

EUVD-2019-9472

Malware in sbrugna...

EUVD-2022-45038

Malicious code in bioql PyPI...

EUVD-2022-6977

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2022-39264

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nheko is a desktop client for the Matrix communication application. All versions below 0.10.2 are vulnerable homeservers inserting malicious secrets, which coul...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper handling of large archives. By creating a malicious archive with very large amounts of padding an attacker can cause the application to consume excessive memory...

CVE-2025-0184

A Server-Side Request Forgery SSRF vulnerability was identified in langgenius/dify version 0.10.2. The vulnerability occurs in the 'Create Knowledge' section when uploading DOCX files. If an external relationship exists in the DOCX file, the reltype value is requested as a URL using the 'requests...