漏洞描述
Ray 是用于扩展 AI 和 Python 应用程序的统一框架,本地文件包含允许远程攻击者进行未经身份验证的 API 调用并读取系统上的任何文件
ray-project存在本地文件包含漏洞
PoC代码
暂无相关漏洞推荐
- ERPNext /api/method/erpnext.projects.doctype.timesheet.timesheet.get_timesheet_detail_rate SQL 注入漏洞(CVE-2025-52049)
- 百易云资产管理运营系统 /adminx/project.save.php SQL 注入漏洞
- (CVE-2025-12593)code-projects Simple Online Hotel Reservation System 2.0 Photo Handler组件任意文件上传漏洞
- (CVE-2025-8494)code-projects Intern Membership Management System 1.0 SQL注入漏洞
- POC gcloud-vm-project-ssh-keys-enabled: Block Project-Wide SSH Keys Not Enabled
- POC gcloud-iam-service-roles-project-level: Service Account Roles at Project Level
- POC gcloud-pubsub-crossproject-access: Pub/Sub Subscription Cross-Project Access
- POC projectsend-installer: ProjectSend Installation Page - Exposure
- POC sonarqube-projects-disclosure: SonarQube - Information Disclosure
- POC sonarqube-public-projects: Sonarqube with public projects
- JieLink+ 智能终端操作平台 /project/IPPool/DeleteIpPool SQL 注入漏洞
- Vite /@fs/Users/doggy/Desktop/vite-project/ 文件读取漏洞(CVE-2025-32395)
- projectworlds Online Time Table Generator 注入漏洞