Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

313 matches found

RedhatCVE
RedhatCVEadded 2026/06/05 7:20 p.m.7 views

CVE-2026-41486

Ray is an AI compute engine. From version 2.54.0 to before version 2.55.0, Ray Data registers custom Arrow extension types ray.data.arrowtensor, ray.data.arrowtensorv2, ray.data.arrowvariableshapedtensor globally in PyArrow. When PyArrow reads a Parquet file containing one of these extension type...

8.9CVSS6.1AI score0.00473EPSS
Exploits0References1
vulnersOsv
vulnersOsvadded 2026/05/29 7:32 p.m.6 views

apache-airflow-providers-amazon (>=9.7.0 <=9.8.0rc1), arrow-pd-parser (>=1.0.0 <=1.0.4) +43 more potentially affected by CVE-2026-8838 via redshift-connector (>=2.0.888 <=2.1.13)

redshift-connector PYPI version =2.0.888, =9.7.0, =1.0.0, =0.1.1, =2.0.0, =0.1.7, =0.31.6, =0.1.17, =2.3.0.dev3, =1.0.0a2, =0.4.0, =0.0.1, =0.3.64, =6.1.2, =0.5.2, =1.5.0, =1.9.1 and more Source cves: CVE-2026-8838 Source advisory: OSV:GHSA-29H4-R29X-HCHV...

9.8CVSS5.4AI score0.00808EPSS
Exploits1
Intel
Inteladded 2026/05/12 12:0 a.m.13 views

2026.2 IPU - Intel® Processor Firmware Advisory

Summary: A potential security vulnerability in some Intel® Processors may allow information disclosure. Intel is releasing microcode updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2025-35979 Description: Exposure of sensitive information caused by shared...

6.8CVSS5.8AI score0.00096EPSS
Exploits0
NVD
NVDadded 2026/05/08 10:16 p.m.13 views

CVE-2026-41486

Ray is an AI compute engine. From version 2.54.0 to before version 2.55.0, Ray Data registers custom Arrow extension types ray.data.arrowtensor, ray.data.arrowtensorv2, ray.data.arrowvariableshapedtensor globally in PyArrow. When PyArrow reads a Parquet file containing one of these extension type...

8.9CVSS0.00473EPSS
Exploits0References4
CVE
CVEadded 2026/05/08 9:46 p.m.13 views

CVE-2026-41486

Ray contains a remote code execution flaw (CVE-2026-41486) observed in Ray 2.49.0–2.54.0 where PyArrow reads Parquet extension types in metadata and Ray passes the bytes to cloudpickle.loads() during schema parsing, enabling arbitrary code execution before any row data is read. The issue affects ...

8.9CVSS6.3AI score0.00473EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/08 9:46 p.m.4 views

CVE-2026-41486 Ray: Remote Code Execution via Parquet Arrow Extension Type Deserialization

Ray is an AI compute engine. From version 2.54.0 to before version 2.55.0, Ray Data registers custom Arrow extension types ray.data.arrowtensor, ray.data.arrowtensorv2, ray.data.arrowvariableshapedtensor globally in PyArrow. When PyArrow reads a Parquet file containing one of these extension type...

8.9CVSS6.3AI score0.00473EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/05/08 9:46 p.m.3 views

CVE-2026-41486

Ray is an AI compute engine. From version 2.54.0 to before version 2.55.0, Ray Data registers custom Arrow extension types ray.data.arrowtensor, ray.data.arrowtensorv2, ray.data.arrowvariableshapedtensor globally in PyArrow. When PyArrow reads a Parquet file containing one of these extension type...

8.9CVSS6.3AI score0.00473EPSS
Exploits0References5Affected Software1
EUVD
EUVDadded 2026/05/08 9:46 p.m.11 views

EUVD-2026-28828

Ray is an AI compute engine. From version 2.54.0 to before version 2.55.0, Ray Data registers custom Arrow extension types ray.data.arrowtensor, ray.data.arrowtensorv2, ray.data.arrowvariableshapedtensor globally in PyArrow. When PyArrow reads a Parquet file containing one of these extension type...

8.9CVSS6.3AI score0.00473EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/05/08 9:46 p.m.30 views

CVE-2026-41486 Ray: Remote Code Execution via Parquet Arrow Extension Type Deserialization

Ray is an AI compute engine. From version 2.54.0 to before version 2.55.0, Ray Data registers custom Arrow extension types ray.data.arrowtensor, ray.data.arrowtensorv2, ray.data.arrowvariableshapedtensor globally in PyArrow. When PyArrow reads a Parquet file containing one of these extension type...

8.9CVSS0.00473EPSS
Exploits0References4
vulnersOsv
vulnersOsvadded 2026/05/05 9:31 a.m.9 views

actix-web-opentelemetry (>=0.2.0 <=0.17.0), ailake-file (>=0.0.8 <=0.0.10) +202 more potentially affected by CVE-2026-43868 via thrift (>=0.0.4 <=0.17.0)

thrift CARGO version =0.0.4, =0.2.0, =0.0.8, =0.0.6, =0.3.0, =0.3.5, =0.3.5, =0.2.0, =0.7.0, =0.1.0, =0.1.0, =0.32.1, =0.34.0 and more Source cves: CVE-2026-43868 Source advisory: OSV:GHSA-2F9F-GQ7V-9H6M...

5.3CVSS5.4AI score0.00376EPSS
Exploits0
OSV
OSVadded 2026/04/24 4:15 p.m.1 views

GHSA-MW35-8RX3-XF9R Ray: Remote Code Execution via Parquet Arrow Extension Type Deserialization

Ray Data registers custom Arrow extension types ray.data.arrowtensor, ray.data.arrowtensorv2, ray.data.arrowvariableshapedtensor globally in PyArrow. When PyArrow reads a Parquet file containing one of these extension types, it calls arrowextdeserialize on the field's metadata bytes. Ray's...

8.9CVSS6.3AI score0.00473EPSS
Exploits0References7
Snyk
Snykadded 2026/04/24 4:15 p.m.1 views

Deserialization of Untrusted Data

Overview ray is an A system for parallel and distributed Python that unifies the ML ecosystem. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the deserialization of Parquet Arrow extension type metadata via the cloudpickle.loads function. An attacker can...

9.6CVSS6.5AI score0.00473EPSS
Exploits0References3
Github Security Blog
Github Security Blogadded 2026/04/24 4:15 p.m.33 views

Ray: Remote Code Execution via Parquet Arrow Extension Type Deserialization

Ray Data registers custom Arrow extension types ray.data.arrowtensor, ray.data.arrowtensorv2, ray.data.arrowvariableshapedtensor globally in PyArrow. When PyArrow reads a Parquet file containing one of these extension types, it calls arrowextdeserialize on the field's metadata bytes. Ray's...

8.9CVSS6.3AI score0.00473EPSS
Exploits0References7Affected Software1
Positive Technologies
Positive Technologiesadded 2026/04/24 12:0 a.m.5 views

PT-2026-37117

Name of the Vulnerable Software and Affected Versions Ray versions 2.49.0 through 2.54.0 Description Ray Data registers custom Arrow extension types ray.data.arrow tensor, ray.data.arrow tensor v2, and ray.data.arrow variable shaped tensor globally in PyArrow. When PyArrow reads a Parquet file...

8.9CVSS6.3AI score0.00473EPSS
Exploits0References9
Github Security Blog
Github Security Blogadded 2026/03/31 11:48 p.m.5 views

parse-server has cloud function validator bypass via prototype chain traversal

Impact An attacker can bypass Cloud Function validator access controls by appending .prototype.constructor to the function name in the URL. When a Cloud Function handler is declared using the function keyword and its validator is a plain object or arrow function, the trigger store traversal...

9.1CVSS5.9AI score0.00277EPSS
Exploits0References7Affected Software1
OSV
OSVadded 2026/03/18 12:18 a.m.3 views

OSV-2026-417 Segv on unknown address in arrow::Array::IsNull

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=493063924 Crash type: Segv on unknown address Crash state: arrow::Array::IsNull arrow::Status arrow::VisitArrayInline arrow::ArrayPrinter::Print...

5.9AI score
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/03/05 7:30 p.m.4 views

CVE-2026-28783

Craft is a content management system CMS. Prior to 5.9.0-beta.1 and 4.17.0-beta.1, Craft CMS implements a blocklist to prevent potentially dangerous PHP functions from being called via Twig non-Closure arrow functions. In order to be able to successfully execute this attack, you need to either ha...

9.4CVSS6.1AI score0.00464EPSS
Exploits0References1
NVD
NVDadded 2026/03/04 5:16 p.m.7 views

CVE-2026-28783

Craft is a content management system CMS. Prior to 5.9.0-beta.1 and 4.17.0-beta.1, Craft CMS implements a blocklist to prevent potentially dangerous PHP functions from being called via Twig non-Closure arrow functions. In order to be able to successfully execute this attack, you need to either ha...

9.4CVSS0.00464EPSS
Exploits0References2
OSV
OSVadded 2026/03/04 4:50 p.m.2 views

CVE-2026-28783 Craft has a Twig Function Blocklist Bypass

Craft is a content management system CMS. Prior to 5.9.0-beta.1 and 4.17.0-beta.1, Craft CMS implements a blocklist to prevent potentially dangerous PHP functions from being called via Twig non-Closure arrow functions. In order to be able to successfully execute this attack, you need to either ha...

9.4CVSS6.1AI score0.00464EPSS
Exploits0References4
CVE
CVEadded 2026/03/04 4:50 p.m.16 views

CVE-2026-28783

CVE-2026-28783 affects Craft CMS (Craft CMS core) where a blocklist of potentially dangerous PHP functions is bypassable via Twig non-Closure arrow functions. Affected versions are prior to 5.9.0-beta.1 and 4.17.0-beta.1. Successful exploitation requires attacker permissions (production allowAdmi...

9.4CVSS6.1AI score0.00464EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder