CVE-2026-1669 affecting package keras for versions less than 3.3.3-7

CVE-2026-1669 affecting package keras for versions less than 3.3.3-7. A patched version of the package is available...

Incomplete Fix for CVE-2026-1669: HDF5 External Storage File Disclosure in Legacy H5 Loading

Description Keras 3 patched CVE-2026-1669 HDF5 External Storage File Disclosure in the new .keras and .weights.h5 loading paths by adding verifydataset to check for dataset.external in H5IOStore. However, the legacy .h5 loading path keras/src/legacy/saving/legacyh5format.py was not patched. This...

CVE-2026-1669 vulnerabilities

Vulnerabilities for packages: tensorflow-cpu-jupyter, tensorflow-gpu-jupyter...

CVE-2026-1669

creationtimestamp| type| source ---|---|--- 2026-02-18 23:10:39+00:00| seen| https://gist.github.com/alon710/c30b614b2f8b58329464819257a9bb07 2026-02-18 23:24:32+00:00| seen| https://bsky.app/profile/flarestart.bsky.social/post/3mf67yrkxzi2s...

CVE-2026-1669

A flaw was found in Keras. A remote attacker can exploit an arbitrary file read vulnerability in the model loading mechanism HDF5 integration by providing a specially crafted .keras model file that utilizes HDF5 external dataset references. This allows the attacker to read local files and disclos...

Linux Distros Unpatched Vulnerability : CVE-2026-1669

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Arbitrary file read in the model loading mechanism HDF5 integration in Keras versions 3.0.0 through 3.13.1 on all supported platforms allows a remote attacker t...

adpred (=1.3.2), bacpipe (>=1.2.0 <=1.3.2.dev0) +16 more potentially affected by CVE-2026-1669 via keras (>=3.0.0 <=3.12.0)

keras PYPI version =3.0.0, =1.2.0, =0.1.0, =0.0.4, =0.4.7, =1.0.3, =0.0.28, =0.2.0, =2.4.0, =0.1.0, =0.1.1, =14.0.0, =14.0.15b3 and more Source cves: CVE-2026-1669 Source advisory: SNYK:PYTHON-KERAS-15268069...

UBUNTU-CVE-2026-1669

Arbitrary file read in the model loading mechanism HDF5 integration in Keras versions 3.0.0 through 3.13.1 on all supported platforms allows a remote attacker to read local files and disclose sensitive information via a crafted .keras model file utilizing HDF5 external dataset references...

CVE-2026-1669

Arbitrary file read in the model loading mechanism HDF5 integration in Keras versions 3.0.0 through 3.13.1 on all supported platforms allows a remote attacker to read local files and disclose sensitive information via a crafted .keras model file utilizing HDF5 external dataset references...

CVE-2005-1669

Cross-site scripting XSS vulnerability in Opera 8.0 Final Build 1095 allows remote attackers to inject arbitrary web script or HTML via "javascript:" URLs when a new window or frame is opened, which allows remote attackers to bypass access restrictions and perform unauthorized actions on other...

EUVD-2021-1669

Malware in sbrugna...

EUVD-2013-2314

Malware in sbrugna...

CVE-2023-1669

The SEOPress WordPress plugin before 6.5.0.3 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

CVE-2013-2368

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to cause a denial of service via unknown vectors, aka ZDI-CAN-1669...

CVE-2025-1669

The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'addNotify' action in all versions up to, and including, 2.2.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVE-2025-1669 School Management System – WPSchoolPress <= 2.2.17 - Authenticated (Teacher+) SQL Injection

The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'addNotify' action in all versions up to, and including, 2.2.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

Linux Distros Unpatched Vulnerability : CVE-2016-1669

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certa...

RHEL 7 : v8 (RHSA-2017:0880)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2017:0880 advisory. V8 is Google's open source JavaScript engine. V8 is written in C++ and is used in Google Chrome, the open source browser from Google. V8 implements...

SUSE: Security Advisory (SUSE-SU-2024:1669-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 7 : v8 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - V8: integer overflow leading to buffer overflow in Zone::New CVE-2016-1669 Note that Nessus has not tested for this...