Lucene search
K

533 matches found

NVD
NVD
added 2026/02/21 10:16 a.m.15 views

CVE-2026-27482

Ray is an AI compute engine. In versions 2.53.0 and below, thedashboard HTTP server blocks browser-origin POST/PUT but does not cover DELETE, and key DELETE endpoints are unauthenticated by default. If the dashboard/agent is reachable e.g., --dashboard-host=0.0.0.0, a web page via DNS rebinding o...

6.5CVSS0.00256EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/21 9:18 a.m.32 views

CVE-2026-27482 Ray: Dashboard DELETE endpoints allow unauthenticated browser-triggered DoS (Serve shutdown / job deletion)

Ray is an AI compute engine. In versions 2.53.0 and below, thedashboard HTTP server blocks browser-origin POST/PUT but does not cover DELETE, and key DELETE endpoints are unauthenticated by default. If the dashboard/agent is reachable e.g., --dashboard-host=0.0.0.0, a web page via DNS rebinding o...

5.9CVSS0.00256EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/21 9:18 a.m.5 views

CVE-2026-27482

Ray is an AI compute engine. In versions 2.53.0 and below, thedashboard HTTP server blocks browser-origin POST/PUT but does not cover DELETE, and key DELETE endpoints are unauthenticated by default. If the dashboard/agent is reachable e.g., --dashboard-host=0.0.0.0, a web page via DNS rebinding o...

5.9CVSS5.6AI score0.00256EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/21 9:18 a.m.8 views

CVE-2026-27482 Ray: Dashboard DELETE endpoints allow unauthenticated browser-triggered DoS (Serve shutdown / job deletion)

Ray is an AI compute engine. In versions 2.53.0 and below, thedashboard HTTP server blocks browser-origin POST/PUT but does not cover DELETE, and key DELETE endpoints are unauthenticated by default. If the dashboard/agent is reachable e.g., --dashboard-host=0.0.0.0, a web page via DNS rebinding o...

5.9CVSS5.5AI score0.00256EPSS
Exploits1References4
OSV
OSV
added 2026/02/21 9:18 a.m.8 views

CVE-2026-27482 Ray: Dashboard DELETE endpoints allow unauthenticated browser-triggered DoS (Serve shutdown / job deletion)

Ray is an AI compute engine. In versions 2.53.0 and below, thedashboard HTTP server blocks browser-origin POST/PUT but does not cover DELETE, and key DELETE endpoints are unauthenticated by default. If the dashboard/agent is reachable e.g., --dashboard-host=0.0.0.0, a web page via DNS rebinding o...

5.9CVSS5.6AI score0.00256EPSS
Exploits1References6
CVE
CVE
added 2026/02/21 9:18 a.m.34 views

CVE-2026-27482

CVE-2026-27482 affects Ray’s dashboard HTTP server. In versions 2.53.0 and below, DELETE endpoints are unauthenticated, and the server may be reachable on 0.0.0.0, enabling a browser-based request (DNS rebinding or same-network) to issue DELETE requests that shut down Serve or delete jobs without...

6.5CVSS5.6AI score0.00256EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2026/02/21 12:0 a.m.9 views

Ray 安全漏洞

Ray is an open-source framework developed by ray-project, designed to extend AI and Python applications. Versions of Ray prior to 2.53.0 contain security vulnerabilities. These vulnerabilities stem from the fact that the dashboard’s HTTP server does not cover the DELETE method, and the critical...

6.5CVSS5.8AI score0.00256EPSS
Exploits1References4
vulnersOsv
vulnersOsv
added 2026/02/20 9:15 p.m.4 views

ablator (>=0.0.1b1 <=0.0.1b2), ablator-ken-test (=0.0.1b2) +283 more potentially affected by CVE-2026-27482 via ray (>=0.5.0 <=2.53.0)

ray PYPI version =0.5.0, =0.0.1b1, =0.1.1, =0.0.3, =0.3.1, =0.1.16, =0.1.4, =0.2.1, =1.1.1, =1.1.2 - am2eda =0.0.0.2 - amesa-train =0.1.0 - amesa-train-dev =0.20.5.dev13 and more Source cves: CVE-2026-27482 Source advisory: OSV:GHSA-Q5FH-2HC8-F6RQ...

6.5CVSS5.7AI score0.00256EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/02/20 9:15 p.m.8 views

ablator (>=0.0.1b1 <=0.0.1b2), ablator-ken-test (=0.0.1b2) +190 more potentially affected by CVE-2026-27482 via ray (>=2.0.0 <=2.53.0)

ray PYPI version =2.0.0, =0.0.1b1, =0.2.5, =0.3.1, =0.2.2, =1.1.1, =0.1.0, =0.1.0, =0.1.1 - autogenesis =0.0.1 and more Source cves: CVE-2026-27482 Source advisory: SNYK:PYTHON-RAY-15325639...

6.5CVSS5.7AI score0.00256EPSS
Exploits1
Snyk
Snyk
added 2026/02/20 9:15 p.m.4 views

Missing Authentication for Critical Function

Overview ray is an A system for parallel and distributed Python that unifies the ML ecosystem. Affected versions of this package are vulnerable to Missing Authentication for Critical Function through unauthenticated access to the DELETE endpoints on the Dashboard HTTP server. An attacker can shut...

6.5CVSS5.8AI score0.00256EPSS
Exploits1References2
OSV
OSV
added 2026/02/20 9:15 p.m.5 views

GHSA-Q5FH-2HC8-F6RQ Ray dashboard DELETE endpoints allow unauthenticated browser-triggered DoS (Serve shutdown / job deletion)

Summary Ray’s dashboard HTTP server blocks browser-origin POST/PUT but does not cover DELETE, and key DELETE endpoints are unauthenticated by default. If the dashboard/agent is reachable e.g., --dashboard-host=0.0.0.0, a web page via DNS rebinding or same-network access can issue DELETE requests...

5.9CVSS6.4AI score0.00256EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/02/20 9:15 p.m.9 views

Ray dashboard DELETE endpoints allow unauthenticated browser-triggered DoS (Serve shutdown / job deletion)

Summary Ray’s dashboard HTTP server blocks browser-origin POST/PUT but does not cover DELETE, and key DELETE endpoints are unauthenticated by default. If the dashboard/agent is reachable e.g., --dashboard-host=0.0.0.0, a web page via DNS rebinding or same-network access can issue DELETE requests...

6.5CVSS6.4AI score0.00256EPSS
Exploits1References6Affected Software1
Packet Storm
Packet Storm
added 2026/02/18 12:0 a.m.138 views

📄 Ray 2.8.0 Path Traversal

A path traversal vulnerability was identified in versions prior to 2.8.1 of Ray affecting the Ray Dashboard service default port 8265. The issue stems from improper validation and sanitization of user-supplied file paths within the static file handling mechanism. By manipulating path traversal...

5.5AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/09 8:37 a.m.34 views

TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure

Cybersecurity researchers have called attention to a "massive campaign" that has systematically targeted cloud native environments to set up malicious infrastructure for follow-on exploitation. The activity, observed around December 25, 2025, and described as "worm-driven," leveraged exposed Dock...

10CVSS6.2AI score0.99562EPSS
Exploits431
CNNVD
CNNVD
added 2026/01/27 12:0 a.m.7 views

IX-Ray Engine security vulnerabilities

IX-Ray Engine is a modern game engine open-source by the IX-Ray Team. Versions of IX-Ray Engine prior to 1.3 contained security vulnerabilities, which were caused by out-of-bounds write-ups...

9.8CVSS5.8AI score0.00278EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/27 12:0 a.m.8 views

IX-Ray Engine security vulnerabilities

IX-Ray Engine is a modern game engine open-source by the IX-Ray Team. Versions of IX-Ray Engine prior to 1.3 contained security vulnerabilities, which were caused by infinite loops with no exit conditions...

7.5CVSS5.8AI score0.00252EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/27 12:0 a.m.9 views

IX-Ray Engine security vulnerabilities

IX-Ray Engine is a modern game engine open-source by the IX-Ray Team. Versions of IX-Ray Engine prior to 1.3 contained security vulnerabilities, which were caused by exposing sensitive information to unauthorized participants...

7.5CVSS5.8AI score0.00189EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 12:41 p.m.5 views

CVE-2023-25199

A reflected cross-site scripting XSS vulnerability exists in the MT Safeline X-Ray X3310 webserver version NXG 19.05 that enables a remote attacker to execute JavaScript code and obtain sensitive information in a victim's browser...

5.4CVSS5.8AI score0.00344EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:54 a.m.16 views

CVE-2009-4314

Sun Ray Server Software 4.1 on Solaris 10, when Automatic Multi-Group Hotdesking AMGH is enabled, responds to a logout action by immediately logging the user in again, which makes it easier for physically proximate attackers to obtain access to a session by going to an unattended DTU device...

4.4CVSS6.8AI score0.00333EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:50 a.m.6 views

CVE-2009-4294

Unspecified vulnerability in the Authentication Manager aka utauthd in Sun Ray Server Software 4.0 and 4.1 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors...

10CVSS8.2AI score0.05718EPSS
Exploits0References1
Rows per page
Query Builder