Lucene search
K

8 matches found

Vulnrichment
Vulnrichment
added 2026/07/01 1:49 p.m.6 views

CVE-2026-23537 Feast: unauthenticated arbitrary file write

A vulnerability has been identified in the Feast Feature Server’s /save-document endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling a...

9.1CVSS6.2AI score0.00568EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/25 7:51 a.m.9 views

CVE-2026-56121

A flaw was found in Feast. This vulnerability allows unauthenticated or unauthorized attackers to achieve remote code execution. By sending a specially crafted gRPC request to the registry server, attackers can exploit an unsafe deserialization process. This enables them to execute operating syst...

9.8CVSS6.3AI score0.00862EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.20 views

PT-2026-51837

Name of the Vulnerable Software and Affected Versions Feast versions prior to 0.63.0 Description An unsafe deserialization issue exists in the registry server that allows unauthenticated or unauthorized attackers to achieve remote code execution. By sending a crafted gRPC request, an attacker can...

9.8CVSS6.3AI score0.00862EPSS
Exploits1References10
Snyk
Snyk
added 2026/03/20 12:0 a.m.4 views

Allocation of Resources Without Limits or Throttling

Overview feast is a Python SDK for Feast Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the WebSocket endpoint. An attacker can exhaust server resources, including memory, CPU, and file descriptors, by establishing a large number of...

8.7CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/03/20 12:0 a.m.6 views

Missing Authorization

Overview feast is a Python SDK for Feast Affected versions of this package are vulnerable to Missing Authorization via the /save-document endpoint. An attacker can modify system files, overwrite configuration or startup scripts, or execute arbitrary code by sending crafted requests to write...

9.1CVSS6.2AI score0.00568EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/03/20 12:0 a.m.4 views

elemeno-ai-sdk (>=0.0.77 <=0.6.11), elemeno-mlops-cli (>=0.0.1 <=0.0.4) +22 more potentially affected by CVE-2026-23537 via feast (>=0.14.1 <=0.49.0)

feast PYPI version =0.14.1, =0.0.77, =0.0.1, =0.1.0, =0.3.0, =0.0.2, =1.0.0, =0.1.0, =0.1.33, =0.1.0, =0.6.19 and more Source cves: CVE-2026-23537 Source advisory: SNYK:PYTHON-FEAST-15857152...

5.7AI score0.00568EPSS
Exploits0
OSV
OSV
added 2026/01/01 9:30 a.m.6 views

GHSA-34WM-4HW7-QFJV Feast vulnerable to Deserialization of Untrusted Data

A high-severity remote code execution vulnerability exists in feast-dev/feast version 0.53.0, specifically in the Kubernetes materializer job located at feast/sdk/python/feast/infra/computeengines/kubernetes/main.py. The vulnerability arises from the use of yaml.load..., Loader=yaml.Loader to...

7.8CVSS8.5AI score0.00264EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2026/01/01 7:40 a.m.6 views

elemeno-ai-sdk (>=0.0.77 <=0.6.11), elemeno-mlops-cli (>=0.0.1 <=0.0.4) +22 more potentially affected by CVE-2025-11157 via feast (>=0.14.1 <=0.49.0)

feast PYPI version =0.14.1, =0.0.77, =0.0.1, =0.1.0, =0.3.0, =0.0.2, =1.0.0, =0.1.0, =0.1.33, =0.1.0, =0.6.19 and more Source cves: CVE-2025-11157 Source advisory: SNYK:PYTHON-FEAST-14830622...

7.8CVSS7.1AI score0.00264EPSS
Exploits0
Rows per page
Query Builder