Lucene search
K
RedhatOpenshift Ai

7 matches found

CVE
CVE
added 2026/05/08 3:35 a.m.226 views

CVE-2026-42271

Summary: CVE-2026-42271 affects LiteLLM up to v1.83.7, where two MCP preview endpoints (POST /mcp-rest/test/connection and /tools/list) could spawn arbitrary commands via stdio transport when provided a full server config, restricted only by a valid API key. The subprocess ran with the proxy’s pr...

8.8CVSS6AI score0.80188EPSS
In wildWeb
CVE
CVE
added 2024/08/08 9:33 p.m.96 views

CVE-2024-7557

OpenShift AI CVE-2024-7557 describes an authentication bypass and privilege escalation across models within the same namespace. Affected: OpenShift AI versions prior to 2.9. Root cause: the UI-protected models expose credentials/tokens (ServiceAccount tokens) in the UI, which can be used with oc ...

8.8CVSS7.9AI score0.00932EPSS
CVE
CVE
added 2026/04/13 2:55 p.m.26 views

CVE-2026-1462

The CVE-2026-1462 issue affects the keras package (v3.13.0) via the TFSMLayer deserialization path. The vulnerability allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of .keras models, even when safe_mode is enabled, due to unconditional loading of external Sa...

8.8CVSS7.7AI score0.00363EPSS
CVE
CVE
added 2026/04/10 5:33 p.m.23 views

CVE-2026-5483

CVE-2026-5483 – Odh-dashboard component in Red Hat OpenShift AI has a flaw that allows disclosure of Kubernetes Service Account tokens through a NodeJS endpoint, enabling potential unauthorized access to Kubernetes resources. Affected product: Red Hat OpenShift AI (odh-dashboard). Root cause: inf...

9.9CVSS5.7AI score0.00492EPSS
CVE
CVE
added 2026/03/26 9:48 p.m.19 views

CVE-2025-12805

CVE-2025-12805 describes a flaw in Red Hat OpenShift AI (RHOAI) llama-stack-operator where Llama Stack services deployed in different namespaces can be accessed via direct network requests because no NetworkPolicy restricts the llama-stack service endpoint. This allows a user in one namespace to ...

8.1CVSS7AI score0.00383EPSS
CVE
CVE
added 2026/06/23 12:12 p.m.12 views

CVE-2023-54365

The CVE covers Traefik versions prior to 2.10.5 and 3.0.0-beta4 affected by a denial-of-service in HTTP/2 request handling derived from the Go standard library’s HTTP/2 implementation (the Rapid Reset technique). A remote attacker can rapidly create and cancel HTTP/2 streams, exhausting server re...

8.7CVSS5.9AI score0.00566EPSS
CVE
CVE
added 5 days ago12 views

CVE-2026-15154

Technical details (affected products/versions, root cause specifics, remediation) are not publicly provided in the supplied documents. Monitor for updates to confirm scope, impact and fixes for CVE-2026-15154 regarding guardrails-detectors in Red Hat OpenShift AI.

6.5CVSS5.9AI score0.00204EPSS