Lucene search
K

414 matches found

RedhatCVE
RedhatCVE
added 2 days ago4 views

CVE-2026-12481

A flaw was found in the Keras deep learning library. This vulnerability allows a remote attacker to execute arbitrary code on the system by exploiting improper handling of deserialization in the Lambda layer. Specifically, a security safeguard designed to prevent unsafe deserialization is bypasse...

8.8CVSS6.5AI score0.00402EPSS
Exploits0References4
NVD
NVD
added 5 days ago4 views

CVE-2026-12481

A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the Lambda layer. Specifically, the raiseforlambdadeserialization function fails to enforce the safe-mode guard when safemode is set to None, which is the default...

8.8CVSS0.00402EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago35 views

CVE-2026-12481 Deserialization of Untrusted Data in keras-team/keras

A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the Lambda layer. Specifically, the raiseforlambdadeserialization function fails to enforce the safe-mode guard when safemode is set to None, which is the default...

8.8CVSS0.00402EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-41600

A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the Lambda layer. Specifically, the raiseforlambdadeserialization function fails to enforce the safe-mode guard when safemode is set to None, which is the default...

8.8CVSS7.7AI score0.00402EPSS
Exploits0References1
Debian CVE
Debian CVE
added 5 days ago5 views

CVE-2026-12481

A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the Lambda layer. Specifically, the raiseforlambdadeserialization function fails to enforce the safe-mode guard when safemode is set to None, which is the default...

8.8CVSS7.7AI score0.00402EPSS
Exploits0
CVE
CVE
added 5 days ago18 views

CVE-2026-12481

The CVE-2026-12481 entry describes a vulnerability in keras-team/keras 3.14.0 where improper handling of deserialization in the Lambda layer can lead to arbitrary OS‑level code execution. The root cause is in _raise_for_lambda_deserialization(), which does not enforce the safe-mode guard when saf...

8.8CVSS7.7AI score0.00402EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-55585

Name of the Vulnerable Software and Affected Versions keras-team/keras version 3.14.0 Description Improper handling of deserialization in the Lambda layer allows for arbitrary OS-level code execution in the context of the server or user process. The raise for lambda deserialization function fails...

8.8CVSS7.7AI score0.00402EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 6 days ago5 views

CVE-2026-58517

A flaw was found in The Wikimedia Foundation Mediawiki - WikiLambda Extension. This vulnerability, caused by improper neutralization of input terminators, allows an attacker to bypass authentication. This could lead to unauthorized access to the system. Mitigation To mitigate this vulnerability,...

9.1CVSS5.7AI score0.00342EPSS
Exploits0References5
CVE
CVE
added last week12 views

CVE-2026-58517

CVE-2026-58517 concerns the Wikimedia Foundation’s MediaWiki WikiLambda Extension, with an issue labeled as an improper neutralization of input terminators that enables an authentication bypass. Affected versions are WikiLambda Extension releases prior to 1.43.9, 1.44.6, and 1.45.4. The CVSS 4.0 ...

6.9CVSS5.8AI score0.00342EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 7:17 p.m.9 views

CVE-2026-54288

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, the Body Limit Middleware trusts the request's Content-Length header to decide whether a body is within the limit. On AWS Lambda API Gateway v1/v2, ALB, VPC Lattice, and Lambda@Edge the body is...

6.5CVSS0.00103EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 5:18 p.m.32 views

CVE-2026-54288 Hono: Body Limit Middleware can be bypassed on AWS Lambda by understating `Content-Length`

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, the Body Limit Middleware trusts the request's Content-Length header to decide whether a body is within the limit. On AWS Lambda API Gateway v1/v2, ALB, VPC Lattice, and Lambda@Edge the body is...

6.5CVSS0.00103EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 5:18 p.m.27 views

CVE-2026-54288

The CVE-2026-54288 issue affects the Hono Web framework prior to version 4.12.25, where the Body Limit Middleware trusts the request Content-Length header. On AWS Lambda environments (API Gateway v1/v2, ALB, VPC Lattice, and Lambda@Edge), the body is fully buffered and the adapter builds the requ...

6.5CVSS5.8AI score0.00103EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 5:16 p.m.32 views

CVE-2026-54289 Hono: Lambda@Edge adapter keeps only the last value of a repeated request header, dropping the rest

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda@Edge, CloudFront delivers a request header that appears more than once as several separate entries. The adapter writes each value with Headers.set instead of Headers.append, so...

4.8CVSS0.00114EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 5:16 p.m.21 views

CVE-2026-54289

CVE-2026-54289 — Hono Lambda@Edge header handling : On AWS Lambda@Edge, prior to 4.12.25, CloudFront may deliver repeated headers as multiple entries. The Hono Lambda@Edge adapter uses Headers.set for each value, overwriting the previous one, so only the last value reaches the application. Header...

4.8CVSS5.9AI score0.00114EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 5:16 p.m.5 views

CVE-2026-54289

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda@Edge, CloudFront delivers a request header that appears more than once as several separate entries. The adapter writes each value with Headers.set instead of Headers.append, so...

4.8CVSS5.9AI score0.00114EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/22 5:13 p.m.32 views

CVE-2026-54287 Hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into one comma-separated value. Because commas also appear inside cookie attribute...

5.3CVSS0.00186EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 5:13 p.m.18 views

CVE-2026-54287

Summary: Hono’s AWS Lambda adapter, in the ALB single-header mode and VPC Lattice v2, concatenates multiple Set-Cookie headers into a single comma-separated value, causing cookie attributes that include commas (e.g., Expires) to be misparsed or dropped. Affected components: Hono web framework; AW...

5.3CVSS5.9AI score0.00186EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/16 2:32 p.m.9 views

Insufficient Verification of Data Authenticity

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the Body Limit Middleware. An attacker can cause the application to process payloads larger than the configured maximum by understating t...

6.9CVSS5.9AI score0.00103EPSS
Exploits0References2
OSV
OSV
added 2026/06/16 2:32 p.m.5 views

GHSA-RV63-4MWF-QQC2 hono: Body Limit Middleware can be bypassed on AWS Lambda by understating `Content-Length`

Summary The Body Limit Middleware trusts the request's Content-Length header to decide whether a body is within the limit. On AWS Lambda API Gateway v1/v2, ALB, VPC Lattice, and Lambda@Edge the body is delivered fully buffered and the adapter builds the request with the client-declared...

6.5CVSS5.4AI score0.00103EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/16 2:32 p.m.12 views

hono: Body Limit Middleware can be bypassed on AWS Lambda by understating `Content-Length`

Summary The Body Limit Middleware trusts the request's Content-Length header to decide whether a body is within the limit. On AWS Lambda API Gateway v1/v2, ALB, VPC Lattice, and Lambda@Edge the body is delivered fully buffered and the adapter builds the request with the client-declared...

6.5CVSS5.4AI score0.00103EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder