Lucene search
K

533 matches found

vulnersOsv
vulnersOsv
added 2025/11/26 10:44 p.m.11 views

ablator (>=0.0.1b1 <=0.0.1b2), ablator-ken-test (=0.0.1b2) +171 more potentially affected by CVE-2025-62593 via ray (>=2.0.0 <=2.51.2)

ray PYPI version =2.0.0, =0.0.1b1, =0.2.5, =0.3.1, =0.2.2, =1.1.1, =0.5.3b20221011, =1.4.1b20251203 - autogluon-assistant =1.0.0 - autogluon-bench =0.2.0 and more Source cves: CVE-2025-62593 Source advisory: SNYK:PYTHON-RAY-14129882...

9.4CVSS6.6AI score0.00338EPSS
Exploits0
Snyk
Snyk
added 2025/11/26 10:44 p.m.4 views

Arbitrary Code Injection

Overview ray is an A system for parallel and distributed Python that unifies the ML ecosystem. Affected versions of this package are vulnerable to Arbitrary Code Injection via insufficient validation of the User-Agent header in browser requests. An attacker can execute arbitrary code on the host...

9.6CVSS7.9AI score0.00338EPSS
Exploits0References2
CVE
CVE
added 2025/11/26 10:28 p.m.91 views

CVE-2025-62593

Technical details for CVE-2025-62593 are not publicly disclosed in the provided documents; the Ray RCE entry and related advisories do not contain product/version/impact information for this CVE. Monitor for updates.

9.4CVSS6.5AI score0.00338EPSS
In wildExploits0References2
EUVD
EUVD
added 2025/11/26 10:28 p.m.9 views

EUVD-2025-199754

Ray is an AI compute engine. Prior to version 2.52.0, developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. This vulnerability is due to an insufficient guard against browser-based attacks, as the current defense us...

9.4CVSS6.3AI score0.00338EPSS
Exploits0References8
Cvelist
Cvelist
added 2025/11/26 10:28 p.m.15 views

CVE-2025-62593 Ray is vulnerable to RCE via Safari & Firefox Browsers through DNS Rebinding Attack

Ray is an AI compute engine. Prior to version 2.52.0, developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. This vulnerability is due to an insufficient guard against browser-based attacks, as the current defense us...

9.4CVSS0.00338EPSS
Exploits0References2
OSV
OSV
added 2025/11/26 10:28 p.m.8 views

CVE-2025-62593 Ray is vulnerable to RCE via Safari & Firefox Browsers through DNS Rebinding Attack

Ray is an AI compute engine. Prior to version 2.52.0, developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. This vulnerability is due to an insufficient guard against browser-based attacks, as the current defense us...

9.4CVSS6.8AI score0.00338EPSS
Exploits0References4
OSV
OSV
added 2025/11/26 7:35 p.m.7 views

GHSA-Q279-JHRF-CC6V Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack

Summary Developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. Due to the longstanding decision by the Ray Development team to not implement any sort of authentication on critical endpoints, like the /api/jobs &...

9.4CVSS7.5AI score0.00338EPSS
Exploits0References9
vulnersOsv
vulnersOsv
added 2025/11/26 7:35 p.m.6 views

ablator (>=0.0.1b1 <=0.0.1b2), ablator-ken-test (=0.0.1b2) +264 more potentially affected by CVE-2025-62593 via ray (>=0.5.0 <=2.51.2)

ray PYPI version =0.5.0, =0.0.1b1, =0.1.1, =0.0.3, =0.3.1, =0.1.16, =0.1.4, =0.2.1, =1.1.1, =0.1.3, =1.0.11 and more Source cves: CVE-2025-62593 Source advisory: OSV:GHSA-Q279-JHRF-CC6V...

9.4CVSS6.6AI score0.00338EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2025/11/26 7:35 p.m.11 views

Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack

Summary Developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. Due to the longstanding decision by the Ray Development team to not implement any sort of authentication on critical endpoints, like the /api/jobs &...

9.4CVSS7.5AI score0.00338EPSS
Exploits0References9Affected Software1
CNNVD
CNNVD
added 2025/11/26 12:0 a.m.6 views

Ray 跨站请求伪造漏洞

Ray is a unified framework for scaling AI and Python applications open-sourced by ray-project. A cross-site request forgery vulnerability exists in versions of Ray prior to 2.52.0, which stems from insufficient protection against browser-based attacks and could lead to remote code execution...

9.4CVSS7.5AI score0.00338EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2025/11/20 5:24 p.m.7 views

ShadowRay 2.0 Exploits Unpatched Ray Flaw to Build Self-Spreading GPU Cryptomining Botnet

Oligo Security has warned of ongoing attacks exploiting a two-year-old security flaw in the Ray open-source artificial intelligence AI framework to turn infected clusters with NVIDIA GPUs into a self-replicating cryptocurrency mining botnet. The activity, codenamed ShadowRay 2.0 , is an evolution...

9.8CVSS8.3AI score0.81512EPSS
Exploits6
Positive Technologies
Positive Technologies
added 2025/11/14 12:0 a.m.8 views

PT-2025-48198

Name of the Vulnerable Software and Affected Versions Ray versions prior to 2.52.0 Description Ray, an AI compute engine, is affected by a critical Remote Code Execution RCE issue. The problem stems from insufficient protection against browser-based attacks. The current defense relies on the...

10CVSS7.7AI score0.00338EPSS
Exploits0References32
EUVD
EUVD
added 2025/11/13 3:23 a.m.3 views

EUVD-2025-178592

Malicious code in hawkingradiation-carina-oortcloud-gammarayburst npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.3 views

EUVD-2025-176414

Malicious code in server-child-process-cosmicray-extremophile npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.3 views

EUVD-2025-178819

Malicious code in fusion-gammarayburst-magnetosphere-child-process npm...

6.6AI score
Exploits0
GithubExploit
GithubExploit
added 2025/10/28 8:4 p.m.144 views

Exploit for OS Command Injection in Ray_Project Ray

It is an offensive tool for a vulnerable Ray Dashboard. The targ...

9.8CVSS8.3AI score0.7463EPSS
Exploits15
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2008-2109

Malware in sbrugna...

8.5CVSS6.4AI score0.0254EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-6379

Malware in sbrugna...

5.5CVSS5.6AI score0.00292EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2007-6447

Malware in sbrugna...

6.4CVSS6.4AI score0.02605EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2009-4263

Malware in sbrugna...

7.8CVSS6.4AI score0.01426EPSS
Exploits0References5
Rows per page
Query Builder