Redhat

Openshift Ai

14 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.21%
  • Veröffentlicht 08.07.2026 20:16:48
  • Zuletzt bearbeitet 09.07.2026 16:39:17

A flaw was found in `guardrails-detectors`, a component of Red Hat OpenShift AI. This vulnerability, known as Regular Expression Denial of Service (ReDoS), allows a remote attacker to provide specially crafted regular expressions to the public detect...

  • EPSS 0.18%
  • Veröffentlicht 08.07.2026 14:58:12
  • Zuletzt bearbeitet 09.07.2026 16:39:17

A flaw was found in the gorch service template, which is part of the trustyai-service-operator. Even when authentication is enabled, the gorch service exposes unproxied orchestrator and detector metrics ports. This allows any pod on the cluster netwo...

  • EPSS 0.17%
  • Veröffentlicht 08.07.2026 14:37:22
  • Zuletzt bearbeitet 09.07.2026 16:39:17

A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGuardrails, if a specific security setting is not enabled, these services can expose their communication channels without requiring users to prove their iden...

  • EPSS 0.57%
  • Veröffentlicht 23.06.2026 12:12:51
  • Zuletzt bearbeitet 08.07.2026 18:12:47

Traefik before 2.10.5 and 3.0.0-beta4 is affected by a denial-of-service vulnerability in HTTP/2 request handling inherited from the Go standard library's HTTP/2 implementation (CVE-2023-44487 / CVE-2023-39325, the 'Rapid Reset' technique). A remote ...

Warnung Medienbericht
  • EPSS 80.19%
  • Veröffentlicht 08.05.2026 03:35:16
  • Zuletzt bearbeitet 30.06.2026 20:19:56

LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/...

Exploit
  • EPSS 0.35%
  • Veröffentlicht 13.04.2026 14:55:28
  • Zuletzt bearbeitet 07.07.2026 18:05:54

A vulnerability in the `TFSMLayer` class of the `keras` package, version 3.13.0, allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of `.keras` models, even when `safe_mode=True`. This bypasses the security guarante...

  • EPSS 0.49%
  • Veröffentlicht 10.04.2026 17:33:25
  • Zuletzt bearbeitet 30.06.2026 03:21:07

A flaw was found in odh-dashboard in Red Hat Openshift AI. This vulnerability in the `odh-dashboard` component of Red Hat OpenShift AI (RHOAI) allows for the disclosure of Kubernetes Service Account tokens through a NodeJS endpoint. This could enable...

Exploit
  • EPSS 0.38%
  • Veröffentlicht 26.03.2026 21:48:16
  • Zuletzt bearbeitet 30.04.2026 16:21:05

A flaw was found in Red Hat OpenShift AI (RHOAI) llama-stack-operator. This vulnerability allows unauthorized access to Llama Stack services deployed in other namespaces via direct network requests, because no NetworkPolicy restricts access to the ll...

  • EPSS 0.59%
  • Veröffentlicht 20.03.2026 21:58:47
  • Zuletzt bearbeitet 30.06.2026 03:17:33

A security issue was discovered in the Feast Feature Server's `/read-document` endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker ca...

  • EPSS 0.23%
  • Veröffentlicht 28.10.2025 13:31:59
  • Zuletzt bearbeitet 23.04.2026 18:16:22

A flaw was found in Red Hat Openshift AI Service. The TrustyAI component is granting all service accounts and users on a cluster permissions to get, list, watch any pod in any namespace on the cluster. TrustyAI is creating a role `trustyai-service-...