BIT-GDAL-2026-8212 OSGeo gdal SWapi.c SWSDfldsrch heap-based overflow

A flaw has been found in OSGeo gdal up to 3.13.0. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The exploit has been published and may be used...

CVE-2026-8213

OSGeo GDAL (up to 3.13.0dev-4) is affected by a heap-based overflow in the Grid File Handler’s GDSDfldsrch function (GDapi.c). The issue allows local code execution with a low attack complexity; public exploit details are available and the vulnerability can be triggered locally. Remediation is to...

Keras 3.13.0 HDF5 Shape Fuzzing for Robustness Testing

This script performs fuzz testing against Keras version 3.13.0 on randomly generated tensor shapes using NumPy and HDF5 to evaluate stability and error handling in file creation workflows...

Keras 代码问题漏洞

Keras is an open-source deep learning framework with multiple backends. Version 3.13.0 of Keras contains a code vulnerability that stems from the TFSLayer class’s unconditional loading of external SavedModels, which may lead to arbitrary code execution...

CVE-2025-13985

Incorrect Authorization vulnerability in Drupal Entity Share allows Forceful Browsing.This issue affects Entity Share: from 0.0.0 before 3.13.0...

CVE-2025-13985

Incorrect Authorization vulnerability in Drupal Entity Share allows Forceful Browsing.This issue affects Entity Share: from 0.0.0 before 3.13.0...

CVE-2025-13985 Entity Share - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2025-123

Incorrect Authorization vulnerability in Drupal Entity Share allows Forceful Browsing.This issue affects Entity Share: from 0.0.0 before 3.13.0...

CVE-2025-13985

This CVE concerns Drupal Entity Share with an Incorrect Authorization vulnerability that enables forceful browsing. Affected product/line: Drupal Entity Share prior to version 3.13.0 . The issue is described as an access control flaw that could permit unauthorized access (information disclosure) ...

CVE-2025-13985

Incorrect Authorization vulnerability in Drupal Entity Share allows Forceful Browsing.This issue affects Entity Share: from 0.0.0 before 3.13.0...

CVE-2025-13985 Entity Share - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2025-123

Incorrect Authorization vulnerability in Drupal Entity Share allows Forceful Browsing.This issue affects Entity Share: from 0.0.0 before 3.13.0...

PT-2026-5204

Name of the Vulnerable Software and Affected Versions Drupal Entity Share versions prior to 3.13.0 Description An authorization issue exists in Drupal Entity Share that permits forceful browsing. This flaw potentially allows unauthorized access to resources. Recommendations Update Drupal Entity...

Drupal Entity Share security vulnerability

Drupal Entity Share is a content sharing plugin for the Drupal community. Versions of Drupal Entity Share prior to 3.13.0 contained a security vulnerability, which was caused by improper authorization and could lead to forced browsing...

CVE-2026-0897 Denial of Service in Keras via Excessive Memory Allocation in HDF5 Metadata

Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service DoS through memory exhaustion and a crash of the Python interpreter via a crafted .keras archive...

CVE-2022-42154

An arbitrary file upload vulnerability in the component /apiadmin/upload/attach of 74cmsSE v3.13.0 allows attackers to execute arbitrary code via a crafted PHP file...

CVE-2025-66059

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Retrieve Embedded Sensitive Data.This issue affects Seriously Simple Podcasting: from n/a through = 3.13.0...

CVE-2025-66060

Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Seriously Simple Podcasting: from n/a through = 3.13.0...

CVE-2025-66061

Cross-Site Request Forgery CSRF vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Cross Site Request Forgery.This issue affects Seriously Simple Podcasting: from n/a through = 3.13.0...

EUVD-2025-198482

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Retrieve Embedded Sensitive Data.This issue affects Seriously Simple Podcasting: from n/a through = 3.13.0...

CVE-2025-66060

Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Seriously Simple Podcasting: from n/a through = 3.13.0...

CVE-2025-66061

Cross-Site Request Forgery CSRF vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Cross Site Request Forgery.This issue affects Seriously Simple Podcasting: from n/a through = 3.13.0...