Lucene search
+L

746 matches found

OSV
OSV
added 2026/06/11 2:16 p.m.7 views

DEBIAN-CVE-2026-11816

Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in keras/src/utils/fileutils.py. The functions filtersafetarinfos and filtersafezipinfos validate archive member paths against the process current working directory CWD instead of t...

8.1CVSS7.8AI score0.00518EPSS
Exploits1References1
NVD
NVD
added 2026/06/11 2:16 p.m.11 views

CVE-2026-11816

Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in keras/src/utils/fileutils.py. The functions filtersafetarinfos and filtersafezipinfos validate archive member paths against the process current working directory CWD instead of t...

8.1CVSS0.00518EPSS
Exploits1References5
OSV
OSV
added 2026/06/11 2:16 p.m.10 views

UBUNTU-CVE-2026-11816

Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in keras/src/utils/fileutils.py. The functions filtersafetarinfos and filtersafezipinfos validate archive member paths against the process current working directory CWD instead of t...

8.1CVSS7.8AI score0.00518EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/06/11 1:31 p.m.33 views

CVE-2026-11816 Path Traversal in keras-team/keras

Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in keras/src/utils/fileutils.py. The functions filtersafetarinfos and filtersafezipinfos validate archive member paths against the process current working directory CWD instead of t...

8.1CVSS0.00518EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2026/06/11 1:31 p.m.7 views

CVE-2026-11816

Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in keras/src/utils/fileutils.py. The functions filtersafetarinfos and filtersafezipinfos validate archive member paths against the process current working directory CWD instead of t...

8.1CVSS7.8AI score0.00518EPSS
Exploits1
CVE
CVE
added 2026/06/11 1:31 p.m.36 views

CVE-2026-11816

CVE-2026-11816 affects Keras

8.1CVSS7.6AI score0.00518EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/06/11 1:31 p.m.4 views

CVE-2026-11816 Path Traversal in keras-team/keras

Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in keras/src/utils/fileutils.py. The functions filtersafetarinfos and filtersafezipinfos validate archive member paths against the process current working directory CWD instead of t...

8.1CVSS7.3AI score0.00518EPSS
Exploits1References7
EUVD
EUVD
added 2026/06/11 1:31 p.m.11 views

EUVD-2026-36244

Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in keras/src/utils/fileutils.py. The functions filtersafetarinfos and filtersafezipinfos validate archive member paths against the process current working directory CWD instead of t...

8.1CVSS7.6AI score0.00518EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/11 1:31 p.m.12 views

CVE-2026-11816 Path Traversal in keras-team/keras

Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in keras/src/utils/fileutils.py. The functions filtersafetarinfos and filtersafezipinfos validate archive member paths against the process current working directory CWD instead of t...

8.1CVSS7.6AI score0.00518EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.28 views

PT-2026-48662

Name of the Vulnerable Software and Affected Versions Keras versions prior to 3.14.0 Description A path traversal issue exists in the archive extraction utilities within keras/src/utils/file utils.py. The functions filter safe tarinfos and filter safe zipinfos validate archive member paths agains...

8.1CVSS7.3AI score0.00518EPSS
Exploits1References14
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.22 views

Keras 路径遍历漏洞

Keras is an open-source deep learning framework developed by Keras. Versions of Keras prior to 3.14.0 contained a path traversal vulnerability. This vulnerability stemmed from a path traversal issue in the archive extraction tool. The functions filtersafetarinfos and filtersafezipinfos used to...

8.1CVSS7.8AI score0.00518EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/10 8:0 p.m.9 views

CVE-2026-45380 bit7z: Path Traversal via Null Byte Injection from `gcount()` Off-by-One in `restoreSymlink()`

bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, a one-byte off-by-one error in SafeOutPathBuilder::restoreSymlink allows an attacker to craft a .7z archive that, when extracted with bit7z on any non-Windows platform,...

3.6CVSS5.5AI score0.00116EPSS
Exploits0References2
OSV
OSV
added 2026/06/10 12:39 p.m.3 views

CVE-2026-52752 Ghidra < 12.0.2 - Path Traversal in Extension Installer via ZIP Entry Names

Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with traversal sequences like ../ in filenames to write arbitrary files outside the intended directory, enabli...

8.4CVSS6.1AI score0.00215EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.15 views

PT-2026-48534

bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, a one-byte off-by-one error in SafeOutPathBuilder::restoreSymlink allows an attacker to craft a .7z archive that, when extracted with bit7z on any non-Windows platform,...

3.6CVSS5.5AI score0.00116EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/06 2:54 a.m.14 views

SUSE CVE-2026-7774

tarfile.datafilter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall to write files outside the...

7.5CVSS5.4AI score0.00622EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.12 views

CVE-2026-39817

A flaw was found in the "go tool pack" subcommand, a component of the Go programming language tools. This vulnerability allows an attacker to craft a malicious archive file. When this archive is extracted using the "pack" subcommand, it can lead to arbitrary file writes on the filesystem,...

5.9CVSS6.3AI score0.0017EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.10 views

CVE-2026-41530

The automatic folder creation feature of Lhaz and Lhaz+ provided by Chitora soft contains a path traversal vulnerability. When the affected product is configured with the automatic folder creation feature enabled, and a product user tries to extract an archive file which has a crafted file name,...

4.6CVSS5.2AI score0.0015EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.10 views

CVE-2026-32885

DDEV is an open-source tool for running local web development environments for PHP and Node.js. Versions prior to 1.25.2 have unsanitized extraction in both Untar and Unzip functions in pkg/archive/archive.go. Downloads and extracts archives from remote sources without path validation. Version...

9.1CVSS5.6AI score0.00418EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.14 views

CVE-2026-44788

SharpCompress is a fully managed C library to deal with many compression types and formats. In 0.47.4 and earlier, a path traversal vulnerability in IArchive.WriteToDirectory allows a malicious archive to create directories outside the intended extraction root. For TAR archives, this can be...

6.5CVSS5.6AI score0.00313EPSS
Exploits1References1
NVD
NVD
added 2026/06/05 7:16 a.m.18 views

CVE-2026-10732

All versions of the package decompress are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip when extracting a ZIP archive containing two entries with the same path - the first being a symlink to an arbitrary target and the second being a regular file - the file content is writte...

7.5CVSS0.00521EPSS
Exploits0References6
Rows per page
Query Builder