Lucene search
K

62 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.8 views

PYSEC-2026-354 Horovod contains an insecure deserialization vulnerability in its KVStore HTTP server component

Horovod thru 0.28.1 contains an insecure deserialization vulnerability CWE-502 in its KVStore HTTP server component. The KVStore server, used for distributed task coordination, lacks authentication and authorization controls, allowing any remote attacker to write arbitrary data via HTTP PUT...

9.8CVSS6.4AI score0.00687EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.10 views

CVE-2026-41486

Ray is an AI compute engine. From version 2.54.0 to before version 2.55.0, Ray Data registers custom Arrow extension types ray.data.arrowtensor, ray.data.arrowtensorv2, ray.data.arrowvariableshapedtensor globally in PyArrow. When PyArrow reads a Parquet file containing one of these extension type...

8.9CVSS6.1AI score0.00473EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.15 views

CVE-2026-4137

A flaw was found in mlflow/mlflow. Insecure permissions on temporary directories allow local attackers to tamper with model artifacts, such as cloudpickle-serialized Python objects. This manipulation can lead to arbitrary code execution when the tampered artifacts are deserialized. This...

7.8CVSS7.4AI score0.00193EPSS
Exploits1References5
OSV
OSV
added 2026/06/05 5:49 a.m.8 views

BIT-MLFLOW-2026-4137 Incomplete Fix for CVE-2025-10279: Insecure Temporary Directory Permissions in mlflow/mlflow

In mlflow/mlflow versions prior to 3.11.0, the getorcreatenfstmpdir function in mlflow/utils/fileutils.py creates temporary directories with world-writable permissions 0o777, and the createmodeldownloadingtmpdir function in mlflow/pyfunc/init.py creates directories with group-writable permissions...

7.8CVSS6.2AI score0.00193EPSS
Exploits1References3
OSV
OSV
added 2026/05/18 9:31 p.m.30 views

GHSA-F2M9-WCF4-CWWX MLFlow Creates a Temporary File With Insecure Permissions

In mlflow/mlflow versions prior to 3.11.0, the getorcreatenfstmpdir function in mlflow/utils/fileutils.py creates temporary directories with world-writable permissions 0o777, and the createmodeldownloadingtmpdir function in mlflow/pyfunc/init.py creates directories with group-writable permissions...

7CVSS6.3AI score0.00193EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/05/18 9:31 p.m.15 views

MLFlow Creates a Temporary File With Insecure Permissions

In mlflow/mlflow versions prior to 3.11.0, the getorcreatenfstmpdir function in mlflow/utils/fileutils.py creates temporary directories with world-writable permissions 0o777, and the createmodeldownloadingtmpdir function in mlflow/pyfunc/init.py creates directories with group-writable permissions...

7.8CVSS7.6AI score0.00193EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2026/05/18 9:16 p.m.15 views

CVE-2026-4137

In mlflow/mlflow versions prior to 3.11.0, the getorcreatenfstmpdir function in mlflow/utils/fileutils.py creates temporary directories with world-writable permissions 0o777, and the createmodeldownloadingtmpdir function in mlflow/pyfunc/init.py creates directories with group-writable permissions...

7.8CVSS0.00193EPSS
Exploits1References2
CVE
CVE
added 2026/05/18 8:26 p.m.27 views

CVE-2026-4137

CVE-2026-4137 : In mlflow/mlflow before 3.11.0, two temp-dir creation paths expose world/group-writable permissions: get_or_create_nfs_tmp_dir() creates 0o777 and _create_model_downloading_tmp_dir() creates 0o770. This enables local attackers with access to shared NFS mounts (e.g., Databricks) to...

7.8CVSS7.6AI score0.00193EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/05/18 8:26 p.m.2 views

CVE-2026-4137 Incomplete Fix for CVE-2025-10279: Insecure Temporary Directory Permissions in mlflow/mlflow

In mlflow/mlflow versions prior to 3.11.0, the getorcreatenfstmpdir function in mlflow/utils/fileutils.py creates temporary directories with world-writable permissions 0o777, and the createmodeldownloadingtmpdir function in mlflow/pyfunc/init.py creates directories with group-writable permissions...

7CVSS7.6AI score0.00193EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/05/18 8:26 p.m.36 views

CVE-2026-4137 Incomplete Fix for CVE-2025-10279: Insecure Temporary Directory Permissions in mlflow/mlflow

In mlflow/mlflow versions prior to 3.11.0, the getorcreatenfstmpdir function in mlflow/utils/fileutils.py creates temporary directories with world-writable permissions 0o777, and the createmodeldownloadingtmpdir function in mlflow/pyfunc/init.py creates directories with group-writable permissions...

7CVSS0.00193EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/18 8:26 p.m.13 views

EUVD-2026-30807

In mlflow/mlflow versions prior to 3.11.0, the getorcreatenfstmpdir function in mlflow/utils/fileutils.py creates temporary directories with world-writable permissions 0o777, and the createmodeldownloadingtmpdir function in mlflow/pyfunc/init.py creates directories with group-writable permissions...

7CVSS7.6AI score0.00215EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2026/05/15 1:57 a.m.13 views

CVE-2026-31234

Horovod thru 0.28.1 contains an insecure deserialization vulnerability CWE-502 in its KVStore HTTP server component. The KVStore server, used for distributed task coordination, lacks authentication and authorization controls, allowing any remote attacker to write arbitrary data via HTTP PUT...

9.8CVSS6.4AI score0.00687EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

Horovod 安全漏洞

Horovod is a distributed training framework developed by Horovod OpenSource, based on TensorFlow, Keras, PyTorch, and Apache MXNet. Horovod versions 0.28.1 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of authentication and authorization controls in the...

9.8CVSS6.2AI score0.00687EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.15 views

PT-2026-40121

Name of the Vulnerable Software and Affected Versions Horovod versions prior to 0.28.2 Description The KVStore HTTP server component, used for distributed task coordination, lacks authentication and authorization controls. This allows a remote attacker to write arbitrary data using HTTP PUT...

9.8CVSS6.1AI score0.00687EPSS
Exploits0References7
CVE
CVE
added 2026/05/12 12:0 a.m.20 views

CVE-2026-31234

Horovod through v0.28.1 exposes an insecure deserialization vulnerability (CWE-502) in its KVStore HTTP server. The KVStore server lacks authentication/authorization, allowing remote attackers to write arbitrary data via HTTP PUT. When a Horovod worker subsequently reads data from KVStore (via HT...

9.8CVSS6.4AI score0.00687EPSS
Exploits0References2
NVD
NVD
added 2026/05/08 10:16 p.m.18 views

CVE-2026-41486

Ray is an AI compute engine. From version 2.54.0 to before version 2.55.0, Ray Data registers custom Arrow extension types ray.data.arrowtensor, ray.data.arrowtensorv2, ray.data.arrowvariableshapedtensor globally in PyArrow. When PyArrow reads a Parquet file containing one of these extension type...

8.9CVSS0.00473EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/08 9:46 p.m.5 views

CVE-2026-41486

Ray is an AI compute engine. From version 2.54.0 to before version 2.55.0, Ray Data registers custom Arrow extension types ray.data.arrowtensor, ray.data.arrowtensorv2, ray.data.arrowvariableshapedtensor globally in PyArrow. When PyArrow reads a Parquet file containing one of these extension type...

8.9CVSS6.3AI score0.00473EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/05/08 9:46 p.m.13 views

EUVD-2026-28828

Ray is an AI compute engine. From version 2.54.0 to before version 2.55.0, Ray Data registers custom Arrow extension types ray.data.arrowtensor, ray.data.arrowtensorv2, ray.data.arrowvariableshapedtensor globally in PyArrow. When PyArrow reads a Parquet file containing one of these extension type...

8.9CVSS6.3AI score0.00473EPSS
Exploits0References4
CVE
CVE
added 2026/05/08 9:46 p.m.16 views

CVE-2026-41486

Ray contains a remote code execution flaw (CVE-2026-41486) observed in Ray 2.49.0–2.54.0 where PyArrow reads Parquet extension types in metadata and Ray passes the bytes to cloudpickle.loads() during schema parsing, enabling arbitrary code execution before any row data is read. The issue affects ...

8.9CVSS6.3AI score0.00473EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/08 9:46 p.m.2 views

CVE-2026-41486 Ray: Remote Code Execution via Parquet Arrow Extension Type Deserialization

Ray is an AI compute engine. From version 2.54.0 to before version 2.55.0, Ray Data registers custom Arrow extension types ray.data.arrowtensor, ray.data.arrowtensorv2, ray.data.arrowvariableshapedtensor globally in PyArrow. When PyArrow reads a Parquet file containing one of these extension type...

8.9CVSS6.5AI score0.00473EPSS
Exploits0References6
Rows per page
Query Builder