Lucene search
+L

87 matches found

osv
osv
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-517 Ray has arbitrary code execution via jobs submission API

Anyscale Ray allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment...

9.8CVSS7.5AI score0.81512EPSS
Exploits6References17
attackerkb
attackerkb
added 2026/05/15 2:13 a.m.6 views

CVE-2026-2652

A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is started with authentication enabled --app-name basic-auth and served via uvicorn ASGI. The FastAPI permission middleware only enforces authentication on /gateway/...

8.6CVSS7.5AI score0.01502EPSS
Exploits1References3
cve
cve
added 2026/05/15 2:13 a.m.43 views

CVE-2026-2652

Summary (CVE-2026-2652) : In mlflow/mlflow

8.6CVSS7.5AI score0.01502EPSS
Exploits1References2Affected Software1
susecve
susecve
added 2026/05/13 3:33 a.m.9 views

SUSE CVE-2026-43446

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix runtime suspend deadlock when there is pending job The runtime suspend callback drains the running job workqueue before suspending the device. If a job is still executing and calls pmruntimeresumeandget, it can...

5.8AI score0.0009EPSS
Exploits0References3
euvd
euvd
added 2026/05/08 3:31 p.m.12 views

EUVD-2026-28752

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix runtime suspend deadlock when there is pending job The runtime suspend callback drains the running job workqueue before suspending the device. If a job is still executing and calls pmruntimeresumeandget, it can...

5.8AI score0.0009EPSS
Exploits0References3
nvd
nvd
added 2026/05/08 3:16 p.m.13 views

CVE-2026-43446

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix runtime suspend deadlock when there is pending job The runtime suspend callback drains the running job workqueue before suspending the device. If a job is still executing and calls pmruntimeresumeandget, it can...

5.5CVSS0.0009EPSS
Exploits0References2
ubuntucve
ubuntucve
added 2026/05/08 3:16 p.m.11 views

CVE-2026-43446

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix runtime suspend deadlock when there is pending job The runtime suspend callback drains the running job workqueue before suspending the device. If a job is still executing and calls pmruntimeresumeandget, it can...

5.5CVSS5.8AI score0.0009EPSS
Exploits0References4
osv
osv
added 2026/05/08 3:16 p.m.10 views

UBUNTU-CVE-2026-43446

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix runtime suspend deadlock when there is pending job The runtime suspend callback drains the running job workqueue before suspending the device. If a job is still executing and calls pmruntimeresumeandget, it can...

5.7CVSS5.8AI score0.0009EPSS
Exploits0References5
osv
osv
added 2026/05/08 2:22 p.m.3 views

CVE-2026-43446 accel/amdxdna: Fix runtime suspend deadlock when there is pending job

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix runtime suspend deadlock when there is pending job The runtime suspend callback drains the running job workqueue before suspending the device. If a job is still executing and calls pmruntimeresumeandget, it can...

5.5CVSS5.8AI score0.0009EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/05/08 2:22 p.m.9 views

CVE-2026-43446

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix runtime suspend deadlock when there is pending job The runtime suspend callback drains the running job workqueue before suspending the device. If a job is still executing and calls pmruntimeresumeandget, it can...

5.8AI score0.0009EPSS
Exploits0References3Affected Software1
github
github
added 2026/04/03 6:31 p.m.13 views

mlflow: FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are not protected by authentication or authorization

In mlflow/mlflow, the FastAPI job endpoints under /ajax-api/3.0/jobs/ are not protected by authentication or authorization when the basic-auth app is enabled. This vulnerability affects the latest version of the repository. If job execution is enabled MLFLOWSERVERENABLEJOBEXECUTION=true and any j...

9.8CVSS7.8AI score0.04392EPSS
Exploits1References3Affected Software1
vulncheck_kev
vulncheck_kev
added 2026/01/31 12:0 a.m.10 views

VulnCheck KEV: CVE-2018-11770

From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. In standalone, the config property 'spark.authenticate.secret' establishes a shared secret for authenticating requests to submit jobs vi...

4.9CVSS5.8AI score0.6583EPSS
In wildExploits2References2
ptsecurity
ptsecurity
added 2025/10/27 12:0 a.m.9 views

PT-2025-43988

Name of the Vulnerable Software and Affected Versions BAE SOCET GXP versions prior to 4.6.0.2 Description The SOCET GXP Job Service lacks authentication. This may permit remote users to submit jobs, or local users to submit jobs that execute with the permissions of other users. Recommendations...

8.8CVSS6.6AI score0.00393EPSS
Exploits0References4
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-8525

Malware in sbrugna...

9.8CVSS9.1AI score0.02811EPSS
Exploits0References12
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-26230

Malware in sbrugna...

7.8CVSS7.5AI score0.00437EPSS
Exploits1References4
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-12303

Malware in sbrugna...

5.9CVSS5.6AI score0.00329EPSS
Exploits0References4
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2002-1813

Malware in sbrugna...

6.4CVSS6.4AI score0.01351EPSS
Exploits0References5
euvd
euvd
added 2025/10/07 12:30 a.m.9 views

EUVD-2011-2880

Malware in sbrugna...

7.5CVSS6.2AI score0.02879EPSS
Exploits0References8
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-12212

Malware in sbrugna...

8.8CVSS8.6AI score0.01037EPSS
Exploits0References2
cvelist
cvelist
added 2025/10/01 4:7 p.m.8 views

CVE-2025-20366 Improper Access Control in Background Job Submission in Splunk Enterprise

In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.111, 9.3.2408.119, and 9.2.2406.122, a low-privileged user that does not hold the admin or power Splunk roles could access sensitive search results if Splunk Enterprise runs an...

6.5CVSS0.0041EPSS
Exploits0References1
Rows per page
Query Builder