Lucene search
K

29 matches found

NVD
NVD
added 6 days ago8 views

CVE-2026-15063

A flaw was found in the gorch service template, which is part of the trustyai-service-operator. Even when authentication is enabled, the gorch service exposes unproxied orchestrator and detector metrics ports. This allows any pod on the cluster network to directly access these ports, bypassing th...

6.3CVSS0.00184EPSS
Exploits0References2
NVD
NVD
added 6 days ago8 views

CVE-2026-15044

A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGuardrails, if a specific security setting is not enabled, these services can expose their communication channels without requiring users to prove their identity. This allows any other program within the...

6.3CVSS0.0017EPSS
Exploits0References2
CVE
CVE
added 6 days ago10 views

CVE-2026-15063

The CVE-2026-15063 affects the gorch service in the trustyai-service-operator. The issue is that, even with authentication enabled, gorch exposes unproxied orchestrator and detector metrics ports, reachable from any pod on the cluster network. This bypasses kube-rbac-proxy authentication, enablin...

6.3CVSS5.9AI score0.00184EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago36 views

CVE-2026-15063 Trustyai-service-operator: trustyai service operator: gorch port bypass when auth is enabled

A flaw was found in the gorch service template, which is part of the trustyai-service-operator. Even when authentication is enabled, the gorch service exposes unproxied orchestrator and detector metrics ports. This allows any pod on the cluster network to directly access these ports, bypassing th...

6.3CVSS0.00184EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 6 days ago6 views

CVE-2026-15063

A flaw was found in the gorch service template, which is part of the trustyai-service-operator. Even when authentication is enabled, the gorch service exposes unproxied orchestrator and detector metrics ports. This allows any pod on the cluster network to directly access these ports, bypassing th...

6.3CVSS5.9AI score0.00184EPSS
Exploits0References3
CVE
CVE
added 6 days ago8 views

CVE-2026-15044

The CVE concerns the TrustyAI Service Operator. In deployments of services such as gorch and NemoGuardrails, if a specific security setting is not enabled, communication channels can be exposed without requiring user authentication, allowing any other program in the cluster to access the AI guard...

6.3CVSS5.9AI score0.0017EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago40 views

CVE-2026-15044 Trustyai-service-operator: trustyai service operator: unauthenticated access to ai guardrails and orchestrator apis

A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGuardrails, if a specific security setting is not enabled, these services can expose their communication channels without requiring users to prove their identity. This allows any other program within the...

6.3CVSS0.0017EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 6 days ago6 views

CVE-2026-15044

A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGuardrails, if a specific security setting is not enabled, these services can expose their communication channels without requiring users to prove their identity. This allows any other program within the...

6.3CVSS5.9AI score0.0017EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-56458

Name of the Vulnerable Software and Affected Versions TrustyAI Service Operator affected versions not specified Description A flaw in the TrustyAI Service Operator occurs when deploying services such as gorch or NemoGuardrails. If a specific security setting is not enabled, these services expose...

6.3CVSS6.1AI score0.0017EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2026/01/30 9:30 a.m.5 views

lightspeed-stack (>=0.1.1 <=0.4.0), lightspeed-stack-providers (>=0.1.10 <=0.1.18) +5 more potentially affected by CVE-2026-25211 via llama-stack (>=0.2.10.1 <=0.3.5)

llama-stack PYPI version =0.2.10.1, =0.1.1, =0.1.10, =1.0.1, =0.3.4, =0.1.0, =0.2.0, =0.3.0a0 Source cves: CVE-2026-25211 Source advisory: SNYK:PYTHON-LLAMASTACK-15166608...

3.2CVSS6AI score0.00219EPSS
Exploits1
EUVD
EUVD
added 2025/10/28 3:30 p.m.6 views

EUVD-2025-36503

A flaw was found in Red Hat Openshift AI Service. The TrustyAI component is granting all service accounts and users on a cluster permissions to get, list, watch any pod in any namespace on the cluster. TrustyAI is creating a role trustyai-service-operator-lmeval-user-role and a CRB...

5CVSS6AI score0.00234EPSS
Exploits0References3
NVD
NVD
added 2025/10/28 2:15 p.m.19 views

CVE-2025-12103

A flaw was found in Red Hat Openshift AI Service. The TrustyAI component is granting all service accounts and users on a cluster permissions to get, list, watch any pod in any namespace on the cluster. TrustyAI is creating a role trustyai-service-operator-lmeval-user-role and a CRB...

5CVSS0.00234EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2025/10/28 1:31 p.m.3 views

CVE-2025-12103

A flaw was found in Red Hat Openshift AI Service. The TrustyAI component is granting all service accounts and users on a cluster permissions to get, list, watch any pod in any namespace on the cluster. TrustyAI is creating a role trustyai-service-operator-lmeval-user-role and a CRB...

5CVSS7.3AI score0.00234EPSS
Exploits0References5
CVE
CVE
added 2025/10/28 1:31 p.m.13 views

CVE-2025-12103

CVE-2025-12103 affects Red Hat OpenShift AI Service (TrustyAI). The component creates a role trustyai-service-operator-lmeval-user-role and a ClusterRoleBinding trustyai-service-operator-default-lmeval-user-rolebinding applied to system:authenticated, granting every authenticated user/service acc...

5CVSS6.1AI score0.00234EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/10/28 1:31 p.m.12 views

CVE-2025-12103 Openshift-ai: trusty ai grants all authenticated users to list pods in any namespace

A flaw was found in Red Hat Openshift AI Service. The TrustyAI component is granting all service accounts and users on a cluster permissions to get, list, watch any pod in any namespace on the cluster. TrustyAI is creating a role trustyai-service-operator-lmeval-user-role and a CRB...

5CVSS0.00234EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/10/28 1:31 p.m.3 views

CVE-2025-12103 Openshift-ai: trusty ai grants all authenticated users to list pods in any namespace

A flaw was found in Red Hat Openshift AI Service. The TrustyAI component is granting all service accounts and users on a cluster permissions to get, list, watch any pod in any namespace on the cluster. TrustyAI is creating a role trustyai-service-operator-lmeval-user-role and a CRB...

5CVSS6.1AI score0.00234EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/10/28 1:31 p.m.4 views

CVE-2025-12103

A flaw was found in Red Hat Openshift AI Service. The TrustyAI component is granting all service accounts and users on a cluster permissions to get, list, watch any pod in any namespace on the cluster. TrustyAI is creating a role trustyai-service-operator-lmeval-user-role and a CRB...

5CVSS6AI score0.00234EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/10/28 12:0 a.m.6 views

PT-2025-44155

Name of the Vulnerable Software and Affected Versions Red Hat Openshift AI Service affected versions not specified Description A flaw exists in the TrustyAI component of Red Hat Openshift AI Service. This component grants all service accounts and users within a cluster permissions to retrieve,...

5CVSS6.1AI score0.00234EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/10/28 12:0 a.m.6 views

Red Hat OpenShift AI 安全漏洞

Red Hat OpenShift AI is an AI-oriented lifecycle management platform from Red Hat USA. A security vulnerability exists in Red Hat OpenShift AI that stems from a TrustyAI component that grants all service accounts and users on the cluster permission to obtain, list, and monitor any pod in any...

5CVSS6.3AI score0.00234EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-18760

Malicious code in bioql PyPI...

5.9CVSS6.4AI score0.00757EPSS
Exploits0References3
Rows per page
Query Builder