Lucene search
K

16 matches found

NVD
NVD
added 4 days ago7 views

CVE-2026-15063

A flaw was found in the gorch service template, which is part of the trustyai-service-operator. Even when authentication is enabled, the gorch service exposes unproxied orchestrator and detector metrics ports. This allows any pod on the cluster network to directly access these ports, bypassing th...

6.3CVSS0.00184EPSS
Exploits0References2
NVD
NVD
added 4 days ago7 views

CVE-2026-15044

A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGuardrails, if a specific security setting is not enabled, these services can expose their communication channels without requiring users to prove their identity. This allows any other program within the...

6.3CVSS0.0017EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-15063 Trustyai-service-operator: trustyai service operator: gorch port bypass when auth is enabled

A flaw was found in the gorch service template, which is part of the trustyai-service-operator. Even when authentication is enabled, the gorch service exposes unproxied orchestrator and detector metrics ports. This allows any pod on the cluster network to directly access these ports, bypassing th...

6.3CVSS0.00184EPSS
Exploits0References2
CVE
CVE
added 4 days ago10 views

CVE-2026-15063

The CVE-2026-15063 affects the gorch service in the trustyai-service-operator. The issue is that, even with authentication enabled, gorch exposes unproxied orchestrator and detector metrics ports, reachable from any pod on the cluster network. This bypasses kube-rbac-proxy authentication, enablin...

6.3CVSS5.9AI score0.00184EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-15044 Trustyai-service-operator: trustyai service operator: unauthenticated access to ai guardrails and orchestrator apis

A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGuardrails, if a specific security setting is not enabled, these services can expose their communication channels without requiring users to prove their identity. This allows any other program within the...

6.3CVSS0.0017EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-42283

A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGuardrails, if a specific security setting is not enabled, these services can expose their communication channels without requiring users to prove their identity. This allows any other program within the...

6.3CVSS5.9AI score0.0017EPSS
Exploits0References2
CVE
CVE
added 4 days ago8 views

CVE-2026-15044

The CVE concerns the TrustyAI Service Operator. In deployments of services such as gorch and NemoGuardrails, if a specific security setting is not enabled, communication channels can be exposed without requiring user authentication, allowing any other program in the cluster to access the AI guard...

6.3CVSS5.9AI score0.0017EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56458

Name of the Vulnerable Software and Affected Versions TrustyAI Service Operator affected versions not specified Description A flaw in the TrustyAI Service Operator occurs when deploying services such as gorch or NemoGuardrails. If a specific security setting is not enabled, these services expose...

6.3CVSS6.1AI score0.0017EPSS
Exploits0References4
Chainguard
Chainguard
added 2026/06/23 8:16 a.m.8 views

CVE-2026-41178 vulnerabilities

Vulnerabilities for packages: external-secrets-operator-fips, crossplane-provider-aws-sqs-fips, cyberark-secrets-provider-for-k8s, linkerd2, percona-backup-mongodb, cert-manager-cmctl-fips, distribution, crossplane-provider-aws-cloudwatchevents-fips, crossplane-provider-azure-servicelinker,...

5.3CVSS6.1AI score0.00237EPSS
Exploits0
Chainguard
Chainguard
added 2026/06/23 8:16 a.m.7 views

GHSA-5WRP-CWCJ-Q835 vulnerabilities

Vulnerabilities for packages: external-secrets-operator-fips, crossplane-provider-aws-sqs-fips, cyberark-secrets-provider-for-k8s, linkerd2, percona-backup-mongodb, cert-manager-cmctl-fips, distribution, crossplane-provider-aws-cloudwatchevents-fips, crossplane-provider-azure-servicelinker,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/05/06 7:17 p.m.13 views

CVE-2026-41889 vulnerabilities

Vulnerabilities for packages: falcosidekick, peerdb-flow, sftpgo, chainloop-control-plane, kuma, argo-workflows-fips, gitlab-cng, kube-bench-fips, harbor-fips, pgtimetable-fips, rke2-cloud-provider, opentelemetry-collector-contrib, src, gitaly-fips, kine, spqr, kots, sftpgo-plugin-eventstore,...

9.8CVSS6.1AI score0.00356EPSS
Exploits0
Wolfi
Wolfi
added 2025/06/14 1:46 p.m.61 views

CVE-2025-22874 vulnerabilities

Vulnerabilities for packages: kubernetes-dashboard, blobfuse2, ghaudit, nri-f5, postgres-operator, terraform-provider-azapi, rabbitmq-default-user-credential-updater, govulncheck, hello-world-golang, telegraf, kyverno-policy-reporter-kyverno-plugin, grpcurl, yq, velero, dockerize, rootlesskit, sr...

7.5CVSS6.9AI score0.00311EPSS
Exploits0
Wolfi
Wolfi
added 2025/06/14 1:46 p.m.20 views

GHSA-62JJ-GR2R-5C34 vulnerabilities

Vulnerabilities for packages: kubernetes-dashboard, blobfuse2, ghaudit, nri-f5, postgres-operator, terraform-provider-azapi, rabbitmq-default-user-credential-updater, govulncheck, hello-world-golang, telegraf, kyverno-policy-reporter-kyverno-plugin, grpcurl, velero, dockerize, rootlesskit, src,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2025/06/14 1:46 p.m.19 views

GHSA-6F52-WPX2-HVF2 vulnerabilities

Vulnerabilities for packages: kubernetes-dashboard, blobfuse2, ghaudit, nri-f5, postgres-operator, terraform-provider-azapi, rabbitmq-default-user-credential-updater, govulncheck, hello-world-golang, telegraf, kyverno-policy-reporter-kyverno-plugin, grpcurl, yq, velero, dockerize, rootlesskit, sr...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2025/06/14 1:46 p.m.23 views

CVE-2025-4673 vulnerabilities

Vulnerabilities for packages: kubernetes-dashboard, blobfuse2, ghaudit, nri-f5, postgres-operator, terraform-provider-azapi, rabbitmq-default-user-credential-updater, govulncheck, hello-world-golang, telegraf, kyverno-policy-reporter-kyverno-plugin, grpcurl, velero, dockerize, rootlesskit, src,...

6.8CVSS6.6AI score0.0056EPSS
Exploits0
CNVD
CNVD
added 2021/06/26 12:0 a.m.10 views

File Upload Vulnerability in the Command and Dispatch Management Platform of Fujian Qualicom Communication Co.

Fujian Qualicom Communication Co., Ltd. is a solution provider and service operator focusing on professional communication. A file upload vulnerability exists in the Command and Dispatch Management Platform of Fujian Qualicom Communication Co. Ltd. that can be exploited by an attacker to upload a...

7.3AI score
Exploits0
Rows per page
Query Builder