Lucene search
K

58750 matches found

ATTACKERKB
ATTACKERKB
added 8 hours ago3 views

CVE-2026-41857

A compromised or malicious BOSH Director can execute arbitrary shell commands on the operator's workstation when the operator runs bosh ssh or bosh scp/bosh logs -f with default flags. Affected versions: BOSH CLI versions prior to 7.10.5...

7.8CVSS7.3AI score
Exploits0References2
NVD
NVD
added yesterday5 views

CVE-2026-15063

A flaw was found in the gorch service template, which is part of the trustyai-service-operator. Even when authentication is enabled, the gorch service exposes unproxied orchestrator and detector metrics ports. This allows any pod on the cluster network to directly access these ports, bypassing th...

6.3CVSS
Exploits0References2
RedHat Linux
RedHat Linux
added yesterday2 views

Important: Red Hat Security Advisory: DevWorkspace Operator 0.42.0 release.

DevWorkspace Operator 0.42.0 has been released. The DevWorkspace Operator extends OpenShift to provide DevWorkspace support...

10CVSS6.7AI score0.00513EPSS
Exploits0References9
Cvelist
Cvelist
added yesterday16 views

CVE-2026-15063 Trustyai-service-operator: trustyai service operator: gorch port bypass when auth is enabled

A flaw was found in the gorch service template, which is part of the trustyai-service-operator. Even when authentication is enabled, the gorch service exposes unproxied orchestrator and detector metrics ports. This allows any pod on the cluster network to directly access these ports, bypassing th...

6.3CVSS
Exploits0References2
CVE
CVE
added yesterday9 views

CVE-2026-15063

The CVE-2026-15063 affects the gorch service in the trustyai-service-operator. The issue is that, even with authentication enabled, gorch exposes unproxied orchestrator and detector metrics ports, reachable from any pod on the cluster network. This bypasses kube-rbac-proxy authentication, enablin...

6.3CVSS5.9AI score
Exploits0References2
CVE
CVE
added yesterday7 views

CVE-2026-15044

The CVE concerns the TrustyAI Service Operator. In deployments of services such as gorch and NemoGuardrails, if a specific security setting is not enabled, communication channels can be exposed without requiring user authentication, allowing any other program in the cluster to access the AI guard...

6.3CVSS5.9AI score
Exploits0References2
EUVD
EUVD
added yesterday4 views

EUVD-2026-42283

A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGuardrails, if a specific security setting is not enabled, these services can expose their communication channels without requiring users to prove their identity. This allows any other program within the...

6.3CVSS5.9AI score
Exploits0References2
Wolfi
Wolfi
added yesterday5 views

GHSA-Q6H5-Q3Q6-F87X vulnerabilities

Vulnerabilities for packages: kubescape, kubescape-operator, hubble-ui...

5.9AI score
Exploits0
Wolfi
Wolfi
added yesterday8 views

CVE-2026-53935 vulnerabilities

Vulnerabilities for packages: kubescape, kubescape-operator, hubble-ui...

6.9CVSS5.9AI score0.00341EPSS
Exploits0
Chainguard
Chainguard
added yesterday7 views

GHSA-Q6H5-Q3Q6-F87X vulnerabilities

Vulnerabilities for packages: kubescape-server, hubble-ui-backend-fips, kubescape, kubescape-operator-fips, hubble-ui, kubescape-operator, kubescape-server-fips...

5.9AI score
Exploits0
Chainguard
Chainguard
added yesterday4 views

CVE-2026-53935 vulnerabilities

Vulnerabilities for packages: kubescape-server, hubble-ui-backend-fips, kubescape, kubescape-operator-fips, hubble-ui, kubescape-operator, kubescape-server-fips...

6.9CVSS5.9AI score0.00341EPSS
Exploits0
Cloud Foundry
Cloud Foundry
added yesterday4 views

CVE-2026-47829 - Argument Injection in BOSH CLI Allows Local Command Execution on Operator Workstations via Compromised Director | Cloud Foundry

High CVSSv4: High 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSSv3: High 8.3 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H Vendor CloudFoundry Foundation Versions Affected Severity is High unless otherwise noted. bosh-cli – All versions prior to v7.10.4 Description Argume...

8.3CVSS6.2AI score
Exploits0
Nuclei
Nuclei
added 2 days ago238 views

MinIO Operator Console Authentication Bypass

MinIO Console is a graphical user interface for the for MinIO Operator. MinIO itself is a multi-cloud object storage project. Affected versions are subject to an authentication bypass issue in the Operator Console when an external IDP is enabled. id: CVE-2021-41266 info: name: MinIO Operator...

9.8CVSS7.2AI score0.46706EPSS
Exploits1References5
OSV
OSV
added 2 days ago5 views

PYSEC-2026-1927 Skops has Inconsistent Trusted Type Validation that Enables Hidden `operator` Methods Execution

Summary An inconsistency in OperatorFuncNode can be exploited to hide the execution of untrusted operator.xxx methods. This can then be used in a code reuse attack to invoke seemingly safe functions and escalate to arbitrary code execution with minimal and misleading trusted types. Note: This...

8.7CVSS6.7AI score0.00137EPSS
Exploits0References9
Cvelist
Cvelist
added 2 days ago27 views

CVE-2026-49487 Apache Airflow: Task-instance API exposes secrets in deferred trigger kwargs

In Apache Airflow before 3.3.0, the REST API task-instance detail and list endpoints returned a deferred task's trigger kwargs without masking. When a deferred operator passed a secret for example a provider API key into its trigger, any authenticated user with DAG-scoped task-instance read acces...

0.00438EPSS
Exploits0References2
NVD
NVD
added 2 days ago8 views

CVE-2026-26053

An Incorrect Privilege Assignment CWE-266 vulnerability in the Command Centre Server allows an authenticated operator with limited privileges to perform some operations that they would not normally be authorized to perform. Version of Command Centre affected: 9.50 prior to vEL9.50.1587MR1, 9.40...

5.3CVSS0.00153EPSS
Exploits0References1
NVD
NVD
added 2 days ago6 views

CVE-2026-27790

Uncaught Exception CWE-248 in the T20 Readers allows an authenticated and authorized operator to trigger a restart by sending specific requests, resulting in a temporary denial of service. Version of Command Centre affected: 9.50 prior to vCR9.50.260616a distributed in 9.50.1587MR1 9.40 prior to...

2.7CVSS0.00227EPSS
Exploits0References1
NVD
NVD
added 2 days ago7 views

CVE-2026-27844

Uncaught Exception CWE-248 in the Controller 6000 and Controller 7000 diagnostic web interface allows an authenticated and authorized operator to trigger a Controller restart by sending specific requests, resulting in a temporary denial of service. Version of Command Centre affected: 9.50 prior t...

2.7CVSS0.00227EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-42002

Uncaught Exception CWE-248 in the Controller 6000 and Controller 7000 diagnostic web interface allows an authenticated and authorized operator to trigger a Controller restart by sending specific requests, resulting in a temporary denial of service. Version of Command Centre affected: 9.50 prior t...

2.7CVSS6AI score0.00227EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-27844

Uncaught Exception CWE-248 in the Controller 6000 and Controller 7000 diagnostic web interface allows an authenticated and authorized operator to trigger a Controller restart by sending specific requests, resulting in a temporary denial of service. Version of Command Centre affected: 9.50 prior t...

2.7CVSS6AI score0.00227EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder