Security Bulletin: Multiple Vulnerabilities affect IBM Watson Studio in Cloud Pak for Data.

Summary Multiple vulnerabilities have been addressed in IBM Watson Studio in Cloud Pak for Data version 5.2.2 Vulnerability Details CVEID:CVE-2024-3568 DESCRIPTION: The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the...

CVE-2025-1550 affecting package keras for versions less than 3.3.3-2

CVE-2025-1550 affecting package keras for versions less than 3.3.3-2. A patched version of the package is available...

CVE-2025-1550 vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines-visualization-server...

CVE-2025-1550

The Keras Model.loadmodel function permits arbitrary code execution, even with safemode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, ...

CVE-2025-1550

The Keras Model.loadmodel function permits arbitrary code execution, even with safemode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, ...

abgrouponline (>=1.0.0 <=1.0.4), abismal (>=0.0.6 <=0.0.7) +1604 more potentially affected by CVE-2025-1550 via keras (>=3.0.0 <=3.8.0)

keras PYPI version =3.0.0, =1.0.0, =0.0.6, =0.0.1, =0.0.1, =0.0.3, =0.3.0, =0.0.1, =0.1.0, =0.1.0, =0.0.1, =0.1.0, =0.3.0 - aegis-model =0.1.0 and more Source cves: CVE-2025-1550 Source advisory: SNYK:PYTHON-KERAS-9396793...

CVE-2025-1550

creationtimestamp| type| source ---|---|--- 2025-03-11 08:38:53+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/7118 2025-03-11 10:30:14+00:00| published-proof-of-concept| Telegram/pkXIaiZyZuzTPl6hZZWn5mEgJvxrDSmjrnTe04Bm5-D6EY 2025-03-11 11:46:19+00:00| seen|...