533 matches found
ablator (>=0.0.1b1 <=0.0.1b2), ablator-ken-test (=0.0.1b2) +171 more potentially affected by CVE-2025-62593 via ray (>=2.0.0 <=2.51.2)
ray PYPI version =2.0.0, =0.0.1b1, =0.2.5, =0.3.1, =0.2.2, =1.1.1, =0.5.3b20221011, =1.4.1b20251203 - autogluon-assistant =1.0.0 - autogluon-bench =0.2.0 and more Source cves: CVE-2025-62593 Source advisory: SNYK:PYTHON-RAY-14129882...
Arbitrary Code Injection
Overview ray is an A system for parallel and distributed Python that unifies the ML ecosystem. Affected versions of this package are vulnerable to Arbitrary Code Injection via insufficient validation of the User-Agent header in browser requests. An attacker can execute arbitrary code on the host...
CVE-2025-62593
Technical details for CVE-2025-62593 are not publicly disclosed in the provided documents; the Ray RCE entry and related advisories do not contain product/version/impact information for this CVE. Monitor for updates.
EUVD-2025-199754
Ray is an AI compute engine. Prior to version 2.52.0, developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. This vulnerability is due to an insufficient guard against browser-based attacks, as the current defense us...
CVE-2025-62593 Ray is vulnerable to RCE via Safari & Firefox Browsers through DNS Rebinding Attack
Ray is an AI compute engine. Prior to version 2.52.0, developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. This vulnerability is due to an insufficient guard against browser-based attacks, as the current defense us...
CVE-2025-62593 Ray is vulnerable to RCE via Safari & Firefox Browsers through DNS Rebinding Attack
Ray is an AI compute engine. Prior to version 2.52.0, developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. This vulnerability is due to an insufficient guard against browser-based attacks, as the current defense us...
GHSA-Q279-JHRF-CC6V Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack
Summary Developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. Due to the longstanding decision by the Ray Development team to not implement any sort of authentication on critical endpoints, like the /api/jobs &...
ablator (>=0.0.1b1 <=0.0.1b2), ablator-ken-test (=0.0.1b2) +264 more potentially affected by CVE-2025-62593 via ray (>=0.5.0 <=2.51.2)
ray PYPI version =0.5.0, =0.0.1b1, =0.1.1, =0.0.3, =0.3.1, =0.1.16, =0.1.4, =0.2.1, =1.1.1, =0.1.3, =1.0.11 and more Source cves: CVE-2025-62593 Source advisory: OSV:GHSA-Q279-JHRF-CC6V...
Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack
Summary Developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. Due to the longstanding decision by the Ray Development team to not implement any sort of authentication on critical endpoints, like the /api/jobs &...
Ray 跨站请求伪造漏洞
Ray is a unified framework for scaling AI and Python applications open-sourced by ray-project. A cross-site request forgery vulnerability exists in versions of Ray prior to 2.52.0, which stems from insufficient protection against browser-based attacks and could lead to remote code execution...
ShadowRay 2.0 Exploits Unpatched Ray Flaw to Build Self-Spreading GPU Cryptomining Botnet
Oligo Security has warned of ongoing attacks exploiting a two-year-old security flaw in the Ray open-source artificial intelligence AI framework to turn infected clusters with NVIDIA GPUs into a self-replicating cryptocurrency mining botnet. The activity, codenamed ShadowRay 2.0 , is an evolution...
PT-2025-48198
Name of the Vulnerable Software and Affected Versions Ray versions prior to 2.52.0 Description Ray, an AI compute engine, is affected by a critical Remote Code Execution RCE issue. The problem stems from insufficient protection against browser-based attacks. The current defense relies on the...
EUVD-2025-178592
Malicious code in hawkingradiation-carina-oortcloud-gammarayburst npm...
EUVD-2025-176414
Malicious code in server-child-process-cosmicray-extremophile npm...
EUVD-2025-178819
Malicious code in fusion-gammarayburst-magnetosphere-child-process npm...
Exploit for OS Command Injection in Ray_Project Ray
It is an offensive tool for a vulnerable Ray Dashboard. The targ...
EUVD-2008-2109
Malware in sbrugna...
EUVD-2019-6379
Malware in sbrugna...
EUVD-2007-6447
Malware in sbrugna...
EUVD-2009-4263
Malware in sbrugna...