32 matches found

CNNVD
added 2026/04/02 12:0 a.m. | 8 views

Rack Information Disclosure Vulnerability

Rack is a modular Ruby web server interface developed by Rack authors. Versions of Rack prior to 2.2.23, 3.1.21, and 3.2.6 contained an information leakage vulnerability. This vulnerability stemmed from Rack::Static’s use of simple string prefix checks to determine whether a request should be...

CVSS 7.5 | AI score 5.8 | EPSS 0.00387
Exploits: 0 | References: 1

RedhatCVE
added 2026/03/18 1:36 a.m. | 4 views

CVE-2026-32981

A path traversal flaw has been identified in Ray Dashboard in the Ray Pypi package. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traversal sequences e.g., ../ to access files outside the intended static directory,...

CVSS 8.7 | AI score 5.6 | EPSS 0.00929
Exploits: 1 | References: 6

GitHub Security Blog
added 2026/03/17 9:31 p.m. | 6 views

Ray Dashboard is vulnerable to path traversal through its static file handling mechanism

A path traversal vulnerability was identified in Ray Dashboard default port 8265 in Ray versions prior to 2.8.1. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traversal sequences e.g., ../ to access files outside the...

CVSS 8.7 | AI score 7.7 | EPSS 0.00929
Exploits: 1 | References: 6 | Affected Software: 1

OSV
added 2026/03/17 9:31 p.m. | 5 views

GHSA-J3MH-QMJJ-XP83 Ray Dashboard is vulnerable to path traversal through its static file handling mechanism

A path traversal vulnerability was identified in Ray Dashboard default port 8265 in Ray versions prior to 2.8.1. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traversal sequences e.g., ../ to access files outside the...

CVSS 8.7 | AI score 7.7 | EPSS 0.00929
Exploits: 1 | References: 5

PyPA
added 2026/03/17 8:16 p.m. | 13 views

PYSEC-2026-130

A path traversal vulnerability was identified in Ray Dashboard default port 8265 in Ray versions prior to 2.8.1. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traversal sequences e.g., ../ to access files outside the...

CVSS 8.7 | AI score 7.3 | EPSS 0.00929
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2026/03/17 8:16 p.m. | 6 views

PYSEC-2026-130

A path traversal vulnerability was identified in Ray Dashboard default port 8265 in Ray versions prior to 2.8.1. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traversal sequences e.g., ../ to access files outside the...

CVSS 7.5 | AI score 7.3 | EPSS 0.00929
Exploits: 1 | References: 4

OSV
added 2026/03/17 8:16 p.m. | 2 views

CVE-2026-32981

A path traversal vulnerability was identified in Ray Dashboard default port 8265 in Ray versions prior to 2.8.1. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traversal sequences e.g., ../ to access files outside the...

CVSS 7.5 | AI score 5.9
Exploits: 0 | References: 3

ATTACKERKB
added 2026/03/17 7:33 p.m. | 3 views

CVE-2026-32981

A path traversal vulnerability was identified in Ray Dashboard default port 8265 in Ray versions prior to 2.8.1. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traversal sequences e.g., ../ to access files outside the...

CVSS 8.7 | AI score 5.8 | EPSS 0.00929
Exploits: 1 | References: 3

Cvelist
added 2026/03/17 7:33 p.m. | 19 views

CVE-2026-32981 Ray Dashboard <= 2.8.0 Path Traversal Leading to Local File Disclosure

A path traversal vulnerability was identified in Ray Dashboard default port 8265 in Ray versions prior to 2.8.1. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traversal sequences e.g., ../ to access files outside the...

CVSS 8.7 | EPSS 0.00929
Exploits: 1 | References: 3

CVE
added 2026/03/17 7:33 p.m. | 12 views

CVE-2026-32981

Ray Dashboard on port 8265 has a path traversal flaw in versions prior to 2.8.1 due to improper validation/sanitization of user-supplied paths in the static file handling, allowing access to files outside the static directory and causing local file disclosure. Reported with high severity (CVSS 3....

CVSS 8.7 | AI score 5.8 | EPSS 0.00929
Exploits: 1 | References: 11 | Affected Software: 1

Positive Technologies
added 2026/03/17 12:0 a.m. | 5 views

PT-2026-25933

A path traversal vulnerability was identified in Ray Dashboard default port 8265 in Ray versions prior to 2.8.1. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traversal sequences e.g., ../ to access files outside the...

CVSS 8.7 | AI score 5.8 | EPSS 0.00929
Exploits: 1 | References: 7

Packet Storm
added 2026/02/18 12:0 a.m. | 128 views

Ray 2.8.0 Path Traversal

A path traversal vulnerability was identified in versions prior to 2.8.1 of Ray affecting the Ray Dashboard service default port 8265. The issue stems from improper validation and sanitization of user-supplied file paths within the static file handling mechanism. By manipulating path traversal...

AI score 5.5
Exploits: 0

Ubuntu
added 2026/02/13 3:52 a.m. | 6 views

USN-8032-1: AIOHTTP vulnerabilities

Charles Chan discovered that AIOHTTP incorrectly handled the decompression of compressed requests. A remote attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 25.10. (CVE-2025-69223) Thomas Rinsma discovered that AIOHTTP incorrectly handled...

CVSS 8.7 | AI score 7.3 | EPSS 0.00487
Exploits: 0

OSV
added 2026/01/05 11:15 p.m. | 5 views

AZL-73503 CVE-2025-69226 affecting package python-aiohttp 3.6.2-3

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses...

CVSS 6.3 | AI score 7 | EPSS 0.00313
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2007-5448

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.01251
Exploits: 1 | References: 7

OSV
added 2025/07/22 12:17 p.m. | 6 views

USN-7664-1 ruby-sinatra vulnerabilities

It was discovered that Sinatra incorrectly handled serving static files. An attacker could possibly use this issue to perform local file inclusion, obtaining sensitive information. (CVE-2022-29970) It was discovered that Sinatra incorrectly handled special characters in the Content-Disposition HTTP...

CVSS 8.8 | AI score 6.4 | EPSS 0.02059
Exploits: 1 | References: 3

Tenable Nessus
added 2025/03/05 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2024-27306

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This...

CVSS 6.1 | AI score 7 | EPSS 0.00666
Exploits: 0 | References: 2

OpenVAS
added 2024/12/21 12:0 a.m. | 13 views

openSUSE Security Advisory (SUSE-SU-2024:4396-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.1 | AI score 6.5 | EPSS 0.00666
Exploits: 0 | References: 4

OSV
added 2024/12/20 12:1 p.m. | 6 views

SUSE-SU-2024:4396-1 Security update for python-aiohttp

This update for python-aiohttp fixes the following issues: - CVE-2024-27306: filenames and paths not escaped when generating index pages for static file handling. (bsc#1223098)...

CVSS 6.1 | AI score 6.5 | EPSS 0.00666
Exploits: 0 | References: 3

OSV
added 2024/06/24 7:4 p.m. | 16 views

MGASA-2024-0235 Updated python-aiohttp packages fix security vulnerability

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server e.g. nginx for serving static files. Users following th...

CVSS 6.1 | AI score 5.9 | EPSS 0.00666
Exploits: 0 | References: 3