Rhoai Odh-Mod-Arch-Model-Registry-Rhel9 vulnerabilities
24 known vulnerabilities affecting rhoai/odh-mod-arch-model-registry-rhel9.
Total CVEs
24
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH8MEDIUM11LOW2
Vulnerabilities
Page 2 of 2
CVE-2026-41240MEDIUMCVSS 6.02026-04-23
CVE-2026-41240 [MEDIUM] CWE-79 DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization
DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization
A flaw was found in DOMPurify, a DOM-only cross-site scripting sanitizer. A remote attacker could exploit an inconsistency in how forbidden tags and attributes are handled when function-based tag additions are used. This allows malicious HTML, MathML, or SVG elements to bypass sanitization and execute
redhat
CVE-2026-41988LOWCVSS 3.22026-04-23
CVE-2026-41988 [LOW] CWE-787 uuid: uuid: Unexpected data writes when using external output buffers with specific UUID versions
uuid: uuid: Unexpected data writes when using external output buffers with specific UUID versions
A flaw was found in uuid. When external output buffers are used with UUID versions 3, 5, or 6, an attacker with local access may be able to cause unexpected data writes. This vulnerability could lead to low impact data integrity issues. UUID version 4 is not affected.
Pack
redhat
CVE-2026-40895MEDIUMCVSS 6.92026-04-21
CVE-2026-40895 [MEDIUM] CWE-212 follow-redirects: follow-redirects: Information disclosure via cross-domain redirects
follow-redirects: follow-redirects: Information disclosure via cross-domain redirects
A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redi
redhat
CVE-2026-41242CRITICALCVSS 9.42026-04-18
CVE-2026-41242 [CRITICAL] CWE-94 protobufjs: protobufjs: Arbitrary code execution via injected protobuf definition type fields
protobufjs: protobufjs: Arbitrary code execution via injected protobuf definition type fields
A flaw was found in protobufjs, a JavaScript (JS) library used for compiling protobuf definitions. A remote attacker with low privileges can exploit this vulnerability by injecting arbitrary code into the "type" fields of protobuf definitions. This malicious code will then exec
redhat
← Previous2 / 2