Lucene search
K

17 matches found

NVD
NVD
added 2 days ago6 views

CVE-2026-57516

Ray prior to 2.56.0 contains an unsafe deserialization vulnerability in the WebDataset reader that allows attackers to achieve remote code execution by supplying a malicious tar archive to the readwebdataset function. The defaultdecoder function in webdatasetdatasource.py unconditionally calls...

8.8CVSS0.00483EPSS
Exploits0References5
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-57516 Ray < 2.56.0 Unsafe Deserialization RCE via WebDataset Reader

Ray prior to 2.56.0 contains an unsafe deserialization vulnerability in the WebDataset reader that allows attackers to achieve remote code execution by supplying a malicious tar archive to the readwebdataset function. The defaultdecoder function in webdatasetdatasource.py unconditionally calls...

8.8CVSS0.00483EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-57516

Ray prior to 2.56.0 contains an unsafe deserialization vulnerability in the WebDataset reader that allows attackers to achieve remote code execution by supplying a malicious tar archive to the readwebdataset function. The defaultdecoder function in webdatasetdatasource.py unconditionally calls...

8.8CVSS6.6AI score0.00483EPSS
Exploits0References6
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-41089

Ray prior to 2.56.0 contains an unsafe deserialization vulnerability in the WebDataset reader that allows attackers to achieve remote code execution by supplying a malicious tar archive to the readwebdataset function. The defaultdecoder function in webdatasetdatasource.py unconditionally calls...

8.8CVSS6.6AI score0.00483EPSS
Exploits0References5
CVE
CVE
added 2 days ago8 views

CVE-2026-57516

Ray prior to 2.56.0 is affected via the WebDataset reader flaw in which _default_decoder() deserializes tar entries using pickle.loads for .pkl/.pickle and torch.load for .pt/.pth, enabling remote code execution inside Ray remote workers when processing a malicious tar archive. Affected component...

8.8CVSS6.6AI score0.00483EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/09 8:48 a.m.14 views

CVE-2025-23294

NVIDIA WebDataset for all platforms contains a vulnerability where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service...

7.8CVSS8.2AI score0.00184EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.12 views

EUVD-2025-24629

Malicious code in bioql PyPI...

7.8CVSS6.4AI score0.00184EPSS
Exploits0References3
CNVD
CNVD
added 2025/08/21 12:0 a.m.4 views

NVIDIA WebDataset OS Command Injection Vulnerability

NVIDIA WebDataset is a high-performance data storage method from NVIDIA. NVIDIA WebDataset suffers from an operating system command injection vulnerability that can be exploited by an attacker to bypass the authentication process and take over the accounts of other web application users under...

7.8CVSS7.9AI score0.00184EPSS
Exploits0References1
NVD
NVD
added 2025/08/13 6:15 p.m.23 views

CVE-2025-23294

NVIDIA WebDataset for all platforms contains a vulnerability where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service...

7.8CVSS0.00184EPSS
Exploits0References3
Snyk
Snyk
added 2025/08/13 5:47 p.m.6 views

Command Injection

Overview webdataset is a High performance storage and I/O for deep learning and data processing. Affected versions of this package are vulnerable to Command Injection due to the user-supplied input handle. An attacker can execute arbitrary code with elevated permissions, potentially leading to...

8.5CVSS7.8AI score0.00184EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/08/13 5:47 p.m.5 views

aeiou (>=0.0.12 <=0.0.21), aistore (>=1.4.23 <=1.8.0) +200 more potentially affected by CVE-2025-23294 via webdataset (>=0.1.103 <=1.0.2)

webdataset PYPI version =0.1.103, =0.0.12, =1.4.23, =1.0.0, =0.0.1, =1.0.2.1, =1.0.0, =0.1.1a1, =0.1.0, =0.0.13, =1.0.3, =0.0.1.dev6, =0.4.0 and more Source cves: CVE-2025-23294 Source advisory: SNYK:PYTHON-WEBDATASET-12089391...

7.8CVSS5.7AI score0.00184EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2025/08/13 5:8 p.m.1 views

CVE-2025-23294

NVIDIA WebDataset for all platforms contains a vulnerability where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service...

7.8CVSS8.2AI score0.00184EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/08/13 5:8 p.m.22 views

CVE-2025-23294

NVIDIA WebDataset for all platforms contains a vulnerability where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service...

7.8CVSS0.00184EPSS
Exploits0References3
CVE
CVE
added 2025/08/13 5:8 p.m.21 views

CVE-2025-23294

CVE-2025-23294 affects NVIDIA WebDataset across platforms. The issue enables an attacker to execute arbitrary code with elevated permissions, causing potential privilege escalation, data tampering, information disclosure, and denial of service . The attack vector is indicated as local with low co...

7.8CVSS8.2AI score0.00184EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/08/13 12:0 a.m.6 views

PT-2025-33025 · Nvidia · Nvidia Webdataset

Name of the Vulnerable Software and Affected Versions: NVIDIA WebDataset affected versions not specified Description: NVIDIA WebDataset contains an issue that may allow an attacker to execute arbitrary code with elevated permissions. A successful exploit could lead to escalation of privileges, da...

7.8CVSS7.5AI score0.00184EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/08/13 12:0 a.m.5 views

NVIDIA WebDataset 操作系统命令注入漏洞

NVIDIA WebDataset is a high-performance data storage method from NVIDIA. NVIDIA WebDataset suffers from an operating system command injection vulnerability that can be exploited by an attacker to bypass the authentication process and take over the accounts of other web application users under...

7.8CVSS7.7AI score0.00184EPSS
Exploits0References3
Nvidia
Nvidia
added 2025/08/12 12:0 a.m.8 views

Security Bulletin: NVIDIA WebDataset - August 2025

NVIDIA has released a software update for NVIDIA WebDataset. To protect your system, install the software including the Github commit 9e95f50 of NVIDIA WebDataset. Go to NVIDIA Product Security...

7.8CVSS7.1AI score0.00184EPSS
Exploits0Affected Software1
Rows per page
Query Builder