13 matches found
CVE-2026-15063
A flaw was found in the gorch service template, which is part of the trustyai-service-operator. Even when authentication is enabled, the gorch service exposes unproxied orchestrator and detector metrics ports. This allows any pod on the cluster network to directly access these ports, bypassing th...
CVE-2026-15063
The CVE-2026-15063 affects the gorch service in the trustyai-service-operator. The issue is that, even with authentication enabled, gorch exposes unproxied orchestrator and detector metrics ports, reachable from any pod on the cluster network. This bypasses kube-rbac-proxy authentication, enablin...
CVE-2026-15063 Trustyai-service-operator: trustyai service operator: gorch port bypass when auth is enabled
A flaw was found in the gorch service template, which is part of the trustyai-service-operator. Even when authentication is enabled, the gorch service exposes unproxied orchestrator and detector metrics ports. This allows any pod on the cluster network to directly access these ports, bypassing th...
CVE-2026-15044
The CVE concerns the TrustyAI Service Operator. In deployments of services such as gorch and NemoGuardrails, if a specific security setting is not enabled, communication channels can be exposed without requiring user authentication, allowing any other program in the cluster to access the AI guard...
EUVD-2026-42283
A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGuardrails, if a specific security setting is not enabled, these services can expose their communication channels without requiring users to prove their identity. This allows any other program within the...
CVE-2026-41178 vulnerabilities
Vulnerabilities for packages: cilium, terraform-provider-databricks-fips, kubedock-fips, xeol-fips, cert-manager-istio-csr-fips, crossplane-provider-gitlab, blob-csi, metallb-fips, grype-fips, cerbos, crossplane-provider-aws-sesv2-fips, tempo-fips, gatus, restic, rke2-cloud-provider,...
GHSA-5WRP-CWCJ-Q835 vulnerabilities
Vulnerabilities for packages: cilium, terraform-provider-databricks-fips, kubedock-fips, xeol-fips, cert-manager-istio-csr-fips, crossplane-provider-gitlab, blob-csi, metallb-fips, grype-fips, cerbos, crossplane-provider-aws-sesv2-fips, tempo-fips, gatus, restic, rke2-cloud-provider,...
CVE-2026-41889 vulnerabilities
Vulnerabilities for packages: splunk-otel-collector, sqlexporter-fips, envoy-gateway-fips, spicedb-fips, grafana-alloy, authentik-fips, envoy-gateway, pgwatch, cerbos, cloudnative-pg-fips, gitlab-cng-fips, flyte, temporal-fips, splunk-otel-collector-fips, gitlab-kas-fips, caddy, kube-bench,...
CVE-2025-22874 vulnerabilities
Vulnerabilities for packages: stern, glow, minio-operator, kube-vip-cloud-provider, newrelic-k8s-metadata-injection, terraform-mcp-server, cloudprober, secrets-store-csi-driver-provider-gcp, kine, portieris, esbuild, docker-credential-ecr-login, kubernetes-csi-driver-nfs,...
GHSA-62JJ-GR2R-5C34 vulnerabilities
Vulnerabilities for packages: stern, glow, minio-operator, kube-vip-cloud-provider, newrelic-k8s-metadata-injection, terraform-mcp-server, cloudprober, secrets-store-csi-driver-provider-gcp, kine, portieris, esbuild, docker-credential-ecr-login, kubernetes-csi-driver-nfs,...
GHSA-6F52-WPX2-HVF2 vulnerabilities
Vulnerabilities for packages: stern, glow, minio-operator, kube-vip-cloud-provider, newrelic-k8s-metadata-injection, terraform-mcp-server, cloudprober, secrets-store-csi-driver-provider-gcp, kine, portieris, esbuild, docker-credential-ecr-login, kubernetes-csi-driver-nfs,...
CVE-2025-4673 vulnerabilities
Vulnerabilities for packages: stern, glow, minio-operator, kube-vip-cloud-provider, newrelic-k8s-metadata-injection, terraform-mcp-server, cloudprober, secrets-store-csi-driver-provider-gcp, kine, portieris, esbuild, docker-credential-ecr-login, kubernetes-csi-driver-nfs,...
File Upload Vulnerability in the Command and Dispatch Management Platform of Fujian Qualicom Communication Co.
Fujian Qualicom Communication Co., Ltd. is a solution provider and service operator focusing on professional communication. A file upload vulnerability exists in the Command and Dispatch Management Platform of Fujian Qualicom Communication Co. Ltd. that can be exploited by an attacker to upload a...