Lucene search
K

2442 matches found

EUVD
EUVD
added yesterday5 views

EUVD-2026-43310

A flaw was found in the vllm-orchestrator-gateway component. The system's production binary logs all incoming authorization headers and full chat payloads, which may contain personally identifiable information PII and secrets, to persistent logs. This sensitive data, including bearer tokens and...

7.5CVSS6AI score0.00259EPSS
Exploits0References3
NVD
NVD
added yesterday4 views

CVE-2026-15574

A flaw was found in the vllm-orchestrator-gateway component. The system's production binary logs all incoming authorization headers and full chat payloads, which may contain personally identifiable information PII and secrets, to persistent logs. This sensitive data, including bearer tokens and...

7.5CVSS0.00259EPSS
Exploits0References2
CVE
CVE
added yesterday9 views

CVE-2026-15574

The CVE-2026-15574 issue affects the vllm-orchestrator-gateway component, where the production binary logs incoming authorization headers and full chat payloads, potentially exposing PII, secrets, bearer tokens, and conversation content. This data exposure arises from a hard-coded debug/default l...

7.5CVSS6AI score0.00259EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added yesterday7 views

CVE-2026-15574

A flaw was found in the vllm-orchestrator-gateway component. The system's production binary logs all incoming authorization headers and full chat payloads, which may contain personally identifiable information PII and secrets, to persistent logs. This sensitive data, including bearer tokens and...

7.5CVSS6AI score0.00259EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday71 views

McAfee ePolicy Orchestrator <5.10.9 Update 9 - Cross-Site Scripting

McAfee ePolicy Orchestrator before 5.10.9 Update 9 is vulnerable to a cross-site scripting vulnerability that allows administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized. reference: -...

4.6CVSS6.2AI score0.01024EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday83 views

Wipro Holmes Orchestrator 20.4.1 - Information Disclosure

Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/DomainCredentialReportExcel,...

7.5CVSS7.1AI score0.53008EPSS
Exploits3References3
Nuclei
Nuclei
added yesterday71 views

Wipro Holmes Orchestrator 20.4.1 - Arbitrary File Download

The File Download API in Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data. id: CVE-2021-38146 info: name: Wipro Holmes Orchestrator 20.4.1 - Arbitrary File Downloa...

7.5CVSS7.1AI score0.11733EPSS
Exploits3References4
NVD
NVD
added 6 days ago7 views

CVE-2026-15063

A flaw was found in the gorch service template, which is part of the trustyai-service-operator. Even when authentication is enabled, the gorch service exposes unproxied orchestrator and detector metrics ports. This allows any pod on the cluster network to directly access these ports, bypassing th...

6.3CVSS0.00184EPSS
Exploits0References2
NVD
NVD
added 6 days ago8 views

CVE-2026-15044

A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGuardrails, if a specific security setting is not enabled, these services can expose their communication channels without requiring users to prove their identity. This allows any other program within the...

6.3CVSS0.0017EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42293

A flaw was found in the gorch service template, which is part of the trustyai-service-operator. Even when authentication is enabled, the gorch service exposes unproxied orchestrator and detector metrics ports. This allows any pod on the cluster network to directly access these ports, bypassing th...

6.3CVSS5.9AI score0.00184EPSS
Exploits0References2
CVE
CVE
added 6 days ago10 views

CVE-2026-15063

The CVE-2026-15063 affects the gorch service in the trustyai-service-operator. The issue is that, even with authentication enabled, gorch exposes unproxied orchestrator and detector metrics ports, reachable from any pod on the cluster network. This bypasses kube-rbac-proxy authentication, enablin...

6.3CVSS5.9AI score0.00184EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 6 days ago5 views

CVE-2026-15063

A flaw was found in the gorch service template, which is part of the trustyai-service-operator. Even when authentication is enabled, the gorch service exposes unproxied orchestrator and detector metrics ports. This allows any pod on the cluster network to directly access these ports, bypassing th...

6.3CVSS5.9AI score0.00184EPSS
Exploits0References3
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42283

A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGuardrails, if a specific security setting is not enabled, these services can expose their communication channels without requiring users to prove their identity. This allows any other program within the...

6.3CVSS5.9AI score0.0017EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago40 views

CVE-2026-15044 Trustyai-service-operator: trustyai service operator: unauthenticated access to ai guardrails and orchestrator apis

A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGuardrails, if a specific security setting is not enabled, these services can expose their communication channels without requiring users to prove their identity. This allows any other program within the...

6.3CVSS0.0017EPSS
Exploits0References2
CVE
CVE
added 6 days ago8 views

CVE-2026-15044

The CVE concerns the TrustyAI Service Operator. In deployments of services such as gorch and NemoGuardrails, if a specific security setting is not enabled, communication channels can be exposed without requiring user authentication, allowing any other program in the cluster to access the AI guard...

6.3CVSS5.9AI score0.0017EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 6 days ago5 views

CVE-2026-15044

A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGuardrails, if a specific security setting is not enabled, these services can expose their communication channels without requiring users to prove their identity. This allows any other program within the...

6.3CVSS5.9AI score0.0017EPSS
Exploits0References3
OSV
OSV
added 2026/06/29 11:50 a.m.4 views

PYSEC-2026-475 PraisonAI Vulnerable to Arbitrary File Write / Path Traversal in Action Orchestrator

The Action Orchestrator feature contains a Path Traversal vulnerability that allows an attacker or compromised agent to write to arbitrary files outside of the configured workspace directory. By supplying relative path segments ../ in the target path, malicious actions can overwrite sensitive...

9CVSS6.2AI score0.00312EPSS
Exploits1References6
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/18 5:57 p.m.32 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Orchestrator, IBM Aspera Virtual Catcher, IBM Aspera Faspex, IBM Aspera Shar

Question Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Orchestrator, IBM Aspera Virtual Catcher, IBM Aspera Faspex, IBM Aspera Shares "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM...

5.4AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/16 4:25 p.m.6 views

Security Bulletin: Security Vulnerabilities affect IBM Voice Gateway

Summary Security Vulnerabilities affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-42579 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's DNS codec does not...

9.1CVSS5.3AI score0.00969EPSS
Exploits2Affected Software1
GithubExploit
GithubExploit
added 2026/06/12 8:52 p.m.83 views

webstrike-framework

WebStrike — Automated Web Pentesting Framework Created by...

5.6AI score
Exploits0
Rows per page
Query Builder