20 matches found
lightspeed-stack (>=0.1.1 <=0.4.0), lightspeed-stack-providers (>=0.1.10 <=0.1.18) +5 more potentially affected by CVE-2026-25211 via llama-stack (>=0.2.10.1 <=0.3.5)
llama-stack PYPI version =0.2.10.1, =0.1.1, =0.1.10, =1.0.1, =0.3.4, =0.1.0, =0.2.0, =0.3.0a0 Source cves: CVE-2026-25211 Source advisory: SNYK:PYTHON-LLAMASTACK-15166608...
EUVD-2025-36503
A flaw was found in Red Hat Openshift AI Service. The TrustyAI component is granting all service accounts and users on a cluster permissions to get, list, watch any pod in any namespace on the cluster. TrustyAI is creating a role trustyai-service-operator-lmeval-user-role and a CRB...
CVE-2025-12103
A flaw was found in Red Hat Openshift AI Service. The TrustyAI component is granting all service accounts and users on a cluster permissions to get, list, watch any pod in any namespace on the cluster. TrustyAI is creating a role trustyai-service-operator-lmeval-user-role and a CRB...
CVE-2025-12103 Openshift-ai: trusty ai grants all authenticated users to list pods in any namespace
A flaw was found in Red Hat Openshift AI Service. The TrustyAI component is granting all service accounts and users on a cluster permissions to get, list, watch any pod in any namespace on the cluster. TrustyAI is creating a role trustyai-service-operator-lmeval-user-role and a CRB...
CVE-2025-12103
CVE-2025-12103 affects Red Hat OpenShift AI Service (TrustyAI). The component creates a role trustyai-service-operator-lmeval-user-role and a ClusterRoleBinding trustyai-service-operator-default-lmeval-user-rolebinding applied to system:authenticated, granting every authenticated user/service acc...
CVE-2025-12103 Openshift-ai: trusty ai grants all authenticated users to list pods in any namespace
A flaw was found in Red Hat Openshift AI Service. The TrustyAI component is granting all service accounts and users on a cluster permissions to get, list, watch any pod in any namespace on the cluster. TrustyAI is creating a role trustyai-service-operator-lmeval-user-role and a CRB...
CVE-2025-12103
A flaw was found in Red Hat Openshift AI Service. The TrustyAI component is granting all service accounts and users on a cluster permissions to get, list, watch any pod in any namespace on the cluster. TrustyAI is creating a role trustyai-service-operator-lmeval-user-role and a CRB...
CVE-2025-12103
A flaw was found in Red Hat Openshift AI Service. The TrustyAI component is granting all service accounts and users on a cluster permissions to get, list, watch any pod in any namespace on the cluster. TrustyAI is creating a role trustyai-service-operator-lmeval-user-role and a CRB...
Red Hat OpenShift AI 安全漏洞
Red Hat OpenShift AI is an AI-oriented lifecycle management platform from Red Hat USA. A security vulnerability exists in Red Hat OpenShift AI that stems from a TrustyAI component that grants all service accounts and users on the cluster permission to obtain, list, and monitor any pod in any...
PT-2025-44155
Name of the Vulnerable Software and Affected Versions Red Hat Openshift AI Service affected versions not specified Description A flaw exists in the TrustyAI component of Red Hat Openshift AI Service. This component grants all service accounts and users within a cluster permissions to retrieve,...
EUVD-2025-18760
Malicious code in bioql PyPI...
CVE-2025-6193
A command injection vulnerability was discovered in the TrustyAI Explainability toolkit. Arbitrary commands placed in certain fields of a LMEValJob custom resource CR may be executed in the LMEvalJob pod's terminal. This issue can be exploited via a maliciously crafted LMEvalJob by a user with...
CVE-2025-6193
A command injection vulnerability was discovered in the TrustyAI Explainability toolkit. Arbitrary commands placed in certain fields of a LMEValJob custom resource CR may be executed in the LMEvalJob pod's terminal. This issue can be exploited via a maliciously crafted LMEvalJob by a user with...
CVE-2025-6193
A command injection vulnerability was discovered in the TrustyAI Explainability toolkit. Arbitrary commands placed in certain fields of a LMEValJob custom resource CR may be executed in the LMEvalJob pod's terminal. This issue can be exploited via a maliciously crafted LMEvalJob by a user with...
CVE-2025-6193
TrustyAI Explainability toolkit vulnerability CVE-2025-6193 arises from command injection in LMEvalJob CR handling. An attacker with permissions to deploy a LMEValJob CR can craft fields that escape the constructed lm_eval command, leading to arbitrary commands executed in the LMEvalJob pod termi...
CVE-2025-6193 Trustyai-explainability: command injection via lmevaljob cr
A command injection vulnerability was discovered in the TrustyAI Explainability toolkit. Arbitrary commands placed in certain fields of a LMEValJob custom resource CR may be executed in the LMEvalJob pod's terminal. This issue can be exploited via a maliciously crafted LMEvalJob by a user with...
CVE-2025-6193 Trustyai-explainability: command injection via lmevaljob cr
A command injection vulnerability was discovered in the TrustyAI Explainability toolkit. Arbitrary commands placed in certain fields of a LMEValJob custom resource CR may be executed in the LMEvalJob pod's terminal. This issue can be exploited via a maliciously crafted LMEvalJob by a user with...
CVE-2025-6193
A command injection vulnerability was discovered in the TrustyAI Explainability toolkit. Arbitrary commands placed in certain fields of a LMEValJob custom resource CR may be executed in the LMEvalJob pod's terminal. This issue can be exploited via a maliciously crafted LMEvalJob by a user with...
PT-2025-26441 · Unknown · Trustyai Explainability Toolkit
Name of the Vulnerable Software and Affected Versions: TrustyAI Explainability toolkit affected versions not specified Description: A command injection issue was discovered in the TrustyAI Explainability toolkit. This issue allows arbitrary commands placed in certain fields of a LMEValJob custom...
TrustyAI Explainability 操作系统命令注入漏洞
TrustyAI Explainability is an open source TrustyAI toolkit from TrustyAI. TrustyAI Explainability suffers from an operating system command injection vulnerability that stems from command injection and could result in an authenticated user executing arbitrary commands...