Lucene search
K

183 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.10 views

CVE-2026-41486

Ray is an AI compute engine. From version 2.54.0 to before version 2.55.0, Ray Data registers custom Arrow extension types ray.data.arrowtensor, ray.data.arrowtensorv2, ray.data.arrowvariableshapedtensor globally in PyArrow. When PyArrow reads a Parquet file containing one of these extension type...

8.9CVSS6.1AI score0.00473EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/12 8:21 p.m.13 views

CVE-2026-31249

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its makeparquetlist.py data processing tool. The script loads PyTorch .pt files utterance embeddings, speaker embeddings, speech tokens using torch.load without...

7.3CVSS6.1AI score0.0021EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/11 6:31 p.m.9 views

EUVD-2026-29096

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its makeparquetlist.py data processing tool. The script loads PyTorch .pt files utterance embeddings, speaker embeddings, speech tokens using torch.load without...

6.1AI score0.0021EPSS
Exploits0References3
NVD
NVD
added 2026/05/11 5:16 p.m.20 views

CVE-2026-31249

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its makeparquetlist.py data processing tool. The script loads PyTorch .pt files utterance embeddings, speaker embeddings, speech tokens using torch.load without...

7.3CVSS0.0021EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.24 views

PT-2026-39634

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its make parquet list.py data processing tool. The script loads PyTorch .pt files utterance embeddings, speaker embeddings, speech tokens using torch.load withou...

6.1AI score0.0021EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/11 12:0 a.m.6 views

CVE-2026-31249

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its makeparquetlist.py data processing tool. The script loads PyTorch .pt files utterance embeddings, speaker embeddings, speech tokens using torch.load without...

6.1AI score0.0021EPSS
Exploits0References3
CVE
CVE
added 2026/05/11 12:0 a.m.32 views

CVE-2026-31249

CosyVoice contains an insecure deserialization vulnerability (CWE-502) in its data processing tool make_parquet_list.py. The script loads PyTorch .pt files (utterance embeddings, speaker embeddings, speech tokens) with torch.load() without enabling weights_only=True, allowing the deserialization ...

7.3CVSS6.1AI score0.0021EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/09 2:21 a.m.9 views

CVE-2026-42241

ParquetSharp is a .NET library for reading and writing Apache Parquet files. From version 18.1.0 to before version 23.0.0.1, DecimalConverter.ReadDecimal makes a stackalloc using what might be an attacker-supplied value. If an attacker declares a decimal column with some unreasonable width, this...

5.3CVSS5.8AI score0.00273EPSS
Exploits0References1
NVD
NVD
added 2026/05/08 10:16 p.m.18 views

CVE-2026-41486

Ray is an AI compute engine. From version 2.54.0 to before version 2.55.0, Ray Data registers custom Arrow extension types ray.data.arrowtensor, ray.data.arrowtensorv2, ray.data.arrowvariableshapedtensor globally in PyArrow. When PyArrow reads a Parquet file containing one of these extension type...

8.9CVSS0.00473EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/08 9:46 p.m.8 views

CVE-2026-41486 Ray: Remote Code Execution via Parquet Arrow Extension Type Deserialization

Ray is an AI compute engine. From version 2.54.0 to before version 2.55.0, Ray Data registers custom Arrow extension types ray.data.arrowtensor, ray.data.arrowtensorv2, ray.data.arrowvariableshapedtensor globally in PyArrow. When PyArrow reads a Parquet file containing one of these extension type...

8.9CVSS6.3AI score0.00473EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/08 9:46 p.m.13 views

EUVD-2026-28828

Ray is an AI compute engine. From version 2.54.0 to before version 2.55.0, Ray Data registers custom Arrow extension types ray.data.arrowtensor, ray.data.arrowtensorv2, ray.data.arrowvariableshapedtensor globally in PyArrow. When PyArrow reads a Parquet file containing one of these extension type...

8.9CVSS6.3AI score0.00473EPSS
Exploits0References4
CVE
CVE
added 2026/05/08 9:46 p.m.17 views

CVE-2026-41486

Ray contains a remote code execution flaw (CVE-2026-41486) observed in Ray 2.49.0–2.54.0 where PyArrow reads Parquet extension types in metadata and Ray passes the bytes to cloudpickle.loads() during schema parsing, enabling arbitrary code execution before any row data is read. The issue affects ...

8.9CVSS6.3AI score0.00473EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/05/08 9:46 p.m.34 views

CVE-2026-41486 Ray: Remote Code Execution via Parquet Arrow Extension Type Deserialization

Ray is an AI compute engine. From version 2.54.0 to before version 2.55.0, Ray Data registers custom Arrow extension types ray.data.arrowtensor, ray.data.arrowtensorv2, ray.data.arrowvariableshapedtensor globally in PyArrow. When PyArrow reads a Parquet file containing one of these extension type...

8.9CVSS0.00473EPSS
Exploits0References4
OSV
OSV
added 2026/05/08 9:46 p.m.2 views

CVE-2026-41486 Ray: Remote Code Execution via Parquet Arrow Extension Type Deserialization

Ray is an AI compute engine. From version 2.54.0 to before version 2.55.0, Ray Data registers custom Arrow extension types ray.data.arrowtensor, ray.data.arrowtensorv2, ray.data.arrowvariableshapedtensor globally in PyArrow. When PyArrow reads a Parquet file containing one of these extension type...

8.9CVSS6.5AI score0.00473EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.9 views

Ray 代码注入漏洞

Ray is an open-source framework developed by ray-project, designed to extend AI and Python applications. Versions of Ray from 2.54.0 to 2.55.0 contained a code injection vulnerability. This vulnerability occurred when the PyArrow library read Parquet files by invoking arrowextdeserialize, allowin...

8.9CVSS6AI score0.00473EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/07 6:52 p.m.10 views

CVE-2026-42241 ParquetSharp: Possible Stack Overflow When Reading a ParquetFile with Large Decimal Type Width

ParquetSharp is a .NET library for reading and writing Apache Parquet files. From version 18.1.0 to before version 23.0.0.1, DecimalConverter.ReadDecimal makes a stackalloc using what might be an attacker-supplied value. If an attacker declares a decimal column with some unreasonable width, this...

5.3CVSS5.8AI score0.00273EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/07 6:52 p.m.8 views

CVE-2026-42241

ParquetSharp is a .NET library for reading and writing Apache Parquet files. From version 18.1.0 to before version 23.0.0.1, DecimalConverter.ReadDecimal makes a stackalloc using what might be an attacker-supplied value. If an attacker declares a decimal column with some unreasonable width, this...

5.3CVSS5.8AI score0.00273EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/05/07 6:52 p.m.11 views

EUVD-2026-28430

ParquetSharp is a .NET library for reading and writing Apache Parquet files. From version 18.1.0 to before version 23.0.0.1, DecimalConverter.ReadDecimal makes a stackalloc using what might be an attacker-supplied value. If an attacker declares a decimal column with some unreasonable width, this...

5.3CVSS5.8AI score0.00273EPSS
Exploits0References2
CVE
CVE
added 2026/05/07 6:52 p.m.19 views

CVE-2026-42241

ParquetSharp (a .NET library for Parquet) has a vulnerability in DecimalConverter.ReadDecimal from 18.1.0 up to before 23.0.0.1 where a stackalloc is performed using an attacker‑supplied width, allowing stack overflow if a decimal column width is unreasonably large. In a service environment, this...

5.3CVSS5.8AI score0.00273EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/07 6:52 p.m.35 views

CVE-2026-42241 ParquetSharp: Possible Stack Overflow When Reading a ParquetFile with Large Decimal Type Width

ParquetSharp is a .NET library for reading and writing Apache Parquet files. From version 18.1.0 to before version 23.0.0.1, DecimalConverter.ReadDecimal makes a stackalloc using what might be an attacker-supplied value. If an attacker declares a decimal column with some unreasonable width, this...

5.3CVSS0.00273EPSS
Exploits0References2
Rows per page
Query Builder