Rhoai Odh-Ml-Pipelines-Api-Server-V2-Rhel9 vulnerabilities

CVE-2026-8261 [LOW] CWE-120 squirrel: Squirrel: Heap-based buffer overflow allows local denial of service squirrel: Squirrel: Heap-based buffer overflow allows local denial of service A flaw was found in Squirrel. A local attacker could exploit a heap-based buffer overflow vulnerability, which occurs when a program writes more data to a memory buffer than it can hold. This flaw, specifically affecting the SQFunctionProto::Load function within squirrel/sqobject.cpp, could lead to a denial of ser

CVE-2026-42295 [HIGH] CWE-256 github.com/argoproj/argo-workflows: Argo Workflows: Information disclosure via plaintext logging of artifact repository credentials github.com/argoproj/argo-workflows: Argo Workflows: Information disclosure via plaintext logging of artifact repository credentials A flaw was found in Argo Workflows, an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. The workflow executor logs all artifact repository credentials, such as S3

CVE-2026-42183 [LOW] CWE-476 github.com/argoproj/argo-workflows: Argo Workflows: Denial of Service via nil pointer dereference for SSO users github.com/argoproj/argo-workflows: Argo Workflows: Denial of Service via nil pointer dereference for SSO users A flaw was found in Argo Workflows. This flaw, a nil pointer dereference in the `rbacAuthorization()` function, affects Single Sign-On (SSO) users. When `SSO_DELEGATE_RBAC_TO_NAMESPACE` is enabled, an authenticated SSO user whose claims match a n

CVE-2026-41889 [LOW] CWE-89 github.com/jackc/pgx: golang: pgx: SQL injection via specific SQL query conditions github.com/jackc/pgx: golang: pgx: SQL injection via specific SQL query conditions A flaw was found in pgx, a PostgreSQL driver and toolkit for Go. This SQL injection vulnerability can occur when using the non-default simple protocol, a dollar-quoted string literal in the SQL query, and when that string literal contains text interpreted as a placeholder with an attacker-controlled valu

CVE-2026-40886 [HIGH] CWE-1285 github.com/argoproj/argo-workflows: Argo Workflows: Denial of Service via malformed workflow pod annotation github.com/argoproj/argo-workflows: Argo Workflows: Denial of Service via malformed workflow pod annotation A flaw was found in Argo Workflows, an open-source system for managing tasks in Kubernetes. An attacker with appropriate permissions can trigger a system-wide crash by submitting a specially crafted workflow pod with a malformed annotation. This vulner