Lucene search

516 matches found

RedhatCVE
added 2026/01/09 12:41 p.m., 3 views

CVE-2023-25199

A reflected cross-site scripting (XSS) vulnerability exists in the MT Safeline X-Ray X3310 webserver version NXG 19.05 that enables a remote attacker to execute JavaScript code and obtain sensitive information in a victim's browser...

CVSS 5.4 | AI score 5.8 | EPSS 0.00344
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 11:54 a.m., 15 views

CVE-2009-4314

Sun Ray Server Software 4.1 on Solaris 10, when Automatic Multi-Group Hotdesking (AMGH) is enabled, responds to a logout action by immediately logging the user in again, which makes it easier for physically proximate attackers to obtain access to a session by going to an unattended DTU device...

CVSS 4.4 | AI score 6.8 | EPSS 0.00333
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 11:50 a.m., 3 views

CVE-2009-4294

Unspecified vulnerability in the Authentication Manager (aka utauthd) in Sun Ray Server Software 4.0 and 4.1 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors...

CVSS 10 | AI score 8.2 | EPSS 0.05718
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/19 7:32 a.m., 2 views

CVE-2025-60076

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Jiro Sasamoto Ray Enterprise Translation lingotek-translation allows PHP Local File Inclusion. This issue affects Ray Enterprise Translation: from n/a through <= 1.7.1...

CVSS 7.5 | AI score 5.8 | EPSS 0.00349
Exploits: 0 | References: 1

NVD
added 2025/12/18 8:16 a.m., 3 views

CVE-2025-60076

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Jiro Sasamoto Ray Enterprise Translation lingotek-translation allows PHP Local File Inclusion. This issue affects Ray Enterprise Translation: from n/a through <= 1.7.1...

CVSS 7.5 | EPSS 0.00349
Exploits: 0 | References: 1

CVE
added 2025/12/18 7:22 a.m., 10 views

CVE-2025-60076

CVE-2025-60076 affects WordPress Ray Enterprise Translation plugin (lingotek-translation) ≤ 1.7.1. The issue is an Improper Control of Filename for Include/Require leading to PHP Local File Inclusion (RFI) via a PHP Remote File Inclusion pattern. Affected component: WordPress plugin code path han...

CVSS 7.5 | AI score 5.9 | EPSS 0.00349
Exploits: 0 | References: 1

EUVD
added 2025/12/18 7:22 a.m., 1 view

EUVD-2025-204112

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jbhovik Ray Enterprise Translation lingotek-translation allows PHP Local File Inclusion. This issue affects Ray Enterprise Translation: from n/a through <= 1.7.1...

CVSS 7.5 | AI score 6.6 | EPSS 0.00349
Exploits: 0 | References: 2

Cvelist
added 2025/12/18 7:22 a.m., 23 views

CVE-2025-60076 WordPress Ray Enterprise Translation plugin <= 1.7.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Jiro Sasamoto Ray Enterprise Translation lingotek-translation allows PHP Local File Inclusion. This issue affects Ray Enterprise Translation: from n/a through <= 1.7.1...

CVSS 7.5 | EPSS 0.00349
Exploits: 0 | References: 1

Vulnrichment
added 2025/12/18 7:22 a.m., 2 views

CVE-2025-60076 WordPress Ray Enterprise Translation plugin <= 1.7.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Jiro Sasamoto Ray Enterprise Translation lingotek-translation allows PHP Local File Inclusion. This issue affects Ray Enterprise Translation: from n/a through <= 1.7.1...

CVSS 7.5 | AI score 5.9 | EPSS 0.00349
Exploits: 0 | References: 1

Positive Technologies
added 2025/12/18 12:0 a.m., 2 views

PT-2025-52134

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jbhovik Ray Enterprise Translation lingotek-translation allows PHP Local File Inclusion. This issue affects Ray Enterprise Translation: from n/a through <= 1.7.1...

AI score 7.1 | EPSS 0.00349
Exploits: 0 | References: 2

CNNVD
added 2025/12/18 12:0 a.m., 3 views

WordPress plugin Ray Enterprise Translation security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 7.5 | AI score 6.6 | EPSS 0.00349
Exploits: 0 | References: 1

Hacker One
added 2025/12/05 7:47 a.m., 8 views

PlayStation: PS4 BD-J privilege escalation using nested JAR

A PS4 vulnerability was discovered in the Blu-ray Disc Java (BD-J) privilege escalation using nested JAR files. The vulnerability was found in the PS4 system software versions 13.00 to the latest version 13.02. The vulnerability was caused by a discrepancy between the security policy's path...

CVSS 7.4 | AI score 5.4 | EPSS 0.00085
Exploits: 0

RedhatCVE
added 2025/12/01 6:13 a.m., 10 views

CVE-2025-62593

Ray is an AI compute engine. Prior to version 2.52.0, developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. This vulnerability is due to an insufficient guard against browser-based attacks, as the current defense us...

CVSS 9.4 | AI score 6.4 | EPSS 0.00355
Exploits: 0 | References: 5

RedhatCVE
added 2025/11/28 2:54 a.m., 5 views

CVE-2025-34351

Anyscale Ray 2.52.0 contains an insecure default configuration in which token-based authentication for Ray management interfaces (including the dashboard and Jobs API) is disabled unless explicitly enabled by setting RAY_AUTH_MODE=token. In the default unauthenticated state, a remote attacker with...

CVSS 9.3 | AI score 8.1 | EPSS 0.00474
Exploits: 5 | References: 1

vulnersOsv
added 2025/11/27 3:30 a.m., 4 views

ablator (>=0.0.1b1 <=0.0.1b2), ablator-ken-test (=0.0.1b2) +266 more potentially affected by CVE-2025-34351 via ray (>=0.5.0 <=2.51.2)

ray PYPI version =0.5.0, =0.0.1b1, =0.1.1, =0.0.3, =0.3.1, =0.1.16, =0.1.4, =0.2.1, =1.1.1, =0.1.3, =1.0.11 and more Source cves: CVE-2025-34351 Source advisory: OSV:GHSA-GX77-XGC2-4888...

AI score 5.4 | EPSS 0.00474
Exploits: 5

Github Security Blog
added 2025/11/27 3:30 a.m., 28 views

Ray's New Token Authentication is Disabled By Default

Anyscale Ray 2.52.0 contains an insecure default configuration in which token-based authentication for Ray management interfaces (including the dashboard and Jobs API) is disabled unless explicitly enabled by setting RAY_AUTH_MODE=token. In the default unauthenticated state, a remote attacker with...

AI score 8.2 | EPSS 0.00474
Exploits: 5 | References: 10 | Affected Software: 1

OSV
added 2025/11/27 3:30 a.m., 4 views

GHSA-GX77-XGC2-4888 Ray's New Token Authentication is Disabled By Default

Anyscale Ray 2.52.0 contains an insecure default configuration in which token-based authentication for Ray management interfaces (including the dashboard and Jobs API) is disabled unless explicitly enabled by setting RAY_AUTH_MODE=token. In the default unauthenticated state, a remote attacker with...

CVSS 9.3 | AI score 8.1 | EPSS 0.00474
Exploits: 5 | References: 10

NVD
added 2025/11/27 3:15 a.m., 4 views

CVE-2025-34351

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. At the request of the MITRE TL-Root and following the CVE Program’s Dispute Policy, it has been determined that this assignment did not identify a valid vulnerability based on the vendor's product security...

EPSS 0.00474
Exploits: 5

Cvelist
added 2025/11/27 2:45 a.m., 9 views

CVE-2025-34351

...

EPSS 0.00474
Exploits: 5

CVE
added 2025/11/27 2:45 a.m., 18 views

CVE-2025-34351

CVE-2025-34351 is rejected/not used per the CVE Numbering Authority; not a valid vulnerability entry.

AI score 7.8 | EPSS 0.00474
Exploits: 5