CVE-2024-48884

A improper limitation of a pathname to a restricted directory 'path traversal' vulnerability in Fortinet FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1 through 7.4.3, FortiManager Cloud 7.4.1 through 7.4.3, FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.4, FortiOS 7.2.0 through 7.2.9, FortiOS 7.0...

Arbitrary File Write

keras is vulnerable to Arbitrary File Write. The vulnerability is due to improper handling of downloaded tar files in the getfile function. When the function extracts the tar file, it does not properly validate or sanitize the file paths, allowing attackers to write files to arbitrary locations o...

CVE-2023-42248

An issue was discovered in Selesta Visual Access Manager VAM prior to 4.42.2. An authenticated attacker can write arbitrary files by manipulating POST parameters of the page "common/vamSql.php"...

CVE-2023-42248

An issue was discovered in Selesta Visual Access Manager VAM prior to 4.42.2. An authenticated attacker can write arbitrary files by manipulating POST parameters of the page "common/vamSql.php"...

CVE-2023-42248

CVE-2023-42248 affects Selesta Visual Access Manager (VAM) prior to version 4.42.2. An authenticated attacker can write arbitrary files by manipulating POST parameters of the page common/vam_Sql.php. The vulnerability is demonstrated across multiple sources (e.g., Red Hat, CNNVD, CVE databases) a...

CVE-2023-42248

An issue was discovered in Selesta Visual Access Manager VAM prior to 4.42.2. An authenticated attacker can write arbitrary files by manipulating POST parameters of the page "common/vamSql.php"...

PT-2025-1474 · Selesta · Selesta Visual Access Manager

Name of the Vulnerable Software and Affected Versions: Selesta Visual Access Manager VAM versions prior to 4.42.2 Description: An issue was discovered in Selesta Visual Access Manager VAM where an authenticated attacker can write arbitrary files by manipulating POST parameters of the page...

SUSE CVE-2024-55947

Gogs is an open source self-hosted Git service. A malicious user is able to write a file to an arbitrary path on the server to gain SSH access to the server. The vulnerability is fixed in 0.13.1...

UBUNTU-CVE-2024-12088

A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the...

keras Path Traversal vulnerability

An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the getfile function...

GHSA-CJGQ-5QMW-RCJ6 keras Path Traversal vulnerability

An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the getfile function...

CVE-2024-55459

An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the getfile function...

DEBIAN-CVE-2024-55459

An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the getfile function...

AZL-55313 CVE-2024-55459 affecting package keras 3.3.3-6

An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the getfile function...

CVE-2024-55459

An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the getfile function...

UBUNTU-CVE-2024-55459

An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the getfile function...

PT-2025-3118 · Keras · Keras

Name of the Vulnerable Software and Affected Versions: Keras version 3.7.0 Description: The issue allows attackers to write arbitrary files to the user's machine by downloading a crafted tar file through the get file function. This enables attackers to potentially compromise the user's system by...

Keras 安全漏洞

Keras is a multi-backend deep learning framework open-sourced by Keras. A security vulnerability exists in Keras version 3.7.0, which stems from a vulnerability that allows an attacker to write arbitrary files to a user's computer by downloading a carefully crafted tar file via the getfile functi...

CVE-2024-55459

An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the getfile function...

CVE-2024-55459

An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the getfile function...