
700 matches found

OpenVAS
added 2025/11/12 12:0 a.m. | 1 views

OpenSMTPD < 6.6.4 Multiple Vulnerabilities (Feb 2020)

OpenSMTPD is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:openbsd:opensmtpd"; ifdescription...

10 CVSS | 7.8 AI score | 0.88136 EPSS
Exploits 14 | References 4

Hacker One
added 2025/11/10 3:55 p.m. | 15 views

curl: Arbitrary Configuration File Inclusion: via External Control of File Name or Path

Summary: The Arbitrary Configuration File Inclusion (ACFI) vulnerability was identified in the curl utility via the --config option. This flaw is a form of External Control of File Name or Path (CWE-73), occurring due to the lack of adequate validation on the user-supplied configuration file path. An...

7.1 AI score
Exploits 0

EUVD
added 2025/10/29 9:30 a.m. | 3 views

EUVD-2025-36634

Keras is vulnerable to arbitrary local file loading and Server-Side Request Forgery...

5.9 CVSS | 6.3 AI score | 0.00079 EPSS
Exploits 0 | References 5

Github Security Blog
added 2025/10/29 9:30 a.m. | 4 views

Keras is vulnerable to arbitrary local file loading and Server-Side Request Forgery

The Keras.Model.load_model method, including when executed with the intended security mitigation safe_mode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery (SSRF). This vulnerability stems from the way the StringLookup layer is handled during model loading from a...

5.9 CVSS | 6.6 AI score | 0.00079 EPSS
Exploits 0 | References 6 | Affected Software 1

OSV
added 2025/10/29 9:30 a.m. | 3 views

GHSA-MQ84-HJQX-CWF2 Keras is vulnerable to arbitrary local file loading and Server-Side Request Forgery

The Keras.Model.load_model method, including when executed with the intended security mitigation safe_mode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery (SSRF). This vulnerability stems from the way the StringLookup layer is handled during model loading from a...

5.9 CVSS | 6.6 AI score | 0.00079 EPSS
Exploits 0 | References 6

NVD
added 2025/10/29 9:15 a.m. | 1 views

CVE-2025-12058

The Keras.Model.load_model method, including when executed with the intended security mitigation safe_mode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery (SSRF). This vulnerability stems from the way the StringLookup layer is handled during model loading from a...

5.9 CVSS | 0.00079 EPSS
Exploits 0 | References 2

OSV
added 2025/10/29 9:15 a.m. | 2 views

AZL-69583 CVE-2025-12058 affecting package keras 2.11.0-3

The Keras.Model.load_model method, including when executed with the intended security mitigation safe_mode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery (SSRF). This vulnerability stems from the way the StringLookup layer is handled during model loading from a...

5.9 CVSS | 5.9 AI score | 0.00079 EPSS
Exploits 0 | References 1

Cvelist
added 2025/10/29 8:48 a.m. | 309 views

CVE-2025-12058 Vulnerability in Keras Model.load_model Leading to Arbitrary Local File Loading and SSRF

The Keras.Model.load_model method, including when executed with the intended security mitigation safe_mode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery (SSRF). This vulnerability stems from the way the StringLookup layer is handled during model loading from a...

5.9 CVSS | 0.00079 EPSS
Exploits 0 | References 2

CVE
added 2025/10/29 8:48 a.m. | 22 views

CVE-2025-12058

The CVE describes a vulnerability in Keras Model.load_model where the StringLookup layer can load a local file or fetch remote content during model loading, enabling arbitrary local file reads and SSRF even when safe_mode=True. IBM bulletins link affected packages (keras-3.11.3 wheel; keras-2.14....

5.9 CVSS | 6.2 AI score | 0.00079 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2025/10/29 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-12058

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Keras.Model.load_model method, including when executed with the intended security mitigation safe_mode=True, is vulnerable to arbitrary local file loading and...

5.9 CVSS | 7.8 AI score | 0.00079 EPSS
Exploits 0 | References 3

RedhatCVE
added 2025/10/28 12:27 a.m. | 9 views

CVE-2025-27222

TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/getCobrandingData endpoint to retrieve files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing path traversal sequences to be included. This can be used to read any local server file...

8.6 CVSS | 6.4 AI score | 0.05117 EPSS
Exploits 1 | References 1

NVD
added 2025/10/27 5:15 p.m. | 2 views

CVE-2025-27222

TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/getCobrandingData endpoint to retrieve files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing path traversal sequences to be included. This can be used to read any local server file...

8.6 CVSS | 0.05117 EPSS
Exploits 1 | References 3

NVD
added 2025/10/27 7:15 a.m. | 6 views

CVE-2025-12055

HYDRA X, MIP 2 and FEDRA 2 of MPDV Mikrolab GmbH suffer from an unauthenticated local file disclosure vulnerability in all releases until Maintenance Pack 36 with Servicepack 8 (week 36/2025), which allows an attacker to read arbitrary files from the Windows operating system. The "Filename" paramet...

7.5 CVSS | 0.22323 EPSS
Exploits 0 | References 2

EUVD
added 2025/10/27 12:0 a.m. | 2 views

EUVD-2025-36215

TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/getCobrandingData endpoint to retrieve files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing path traversal sequences to be included. This can be used to read any local server file...

8.6 CVSS | 6 AI score | 0.05117 EPSS
Exploits 1 | References 4

Cvelist
added 2025/10/27 12:0 a.m. | 4 views

CVE-2025-27222

TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/getCobrandingData endpoint to retrieve files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing path traversal sequences to be included. This can be used to read any local server file...

0.05117 EPSS
Exploits 1 | References 3

Vulnrichment
added 2025/10/27 12:0 a.m. | 1 views

CVE-2025-27222

TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/getCobrandingData endpoint to retrieve files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing path traversal sequences to be included. This can be used to read any local server file...

6 AI score | 0.05117 EPSS
Exploits 1 | References 3

EUVD
added 2025/10/15 5:7 p.m. | 4 views

EUVD-2025-34699

Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior to 0.16.2, Frigate's export workflow allows an authenticated operator to nominate any filesystem location as the thumbnail source for a video export. Because that path is copied verbatim into the...

7.7 CVSS | 5.4 AI score | 0.00044 EPSS
Exploits 0 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2008-6306

Malware in sbrugna...

4.3 CVSS | 6.4 AI score | 0.04435 EPSS
Exploits 1 | References 4

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-18564

Malware in sbrugna...

7.5 CVSS | 7.6 AI score | 0.00312 EPSS
Exploits 0 | References 7

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2000-0999

Malware in sbrugna...

7.2 CVSS | 6.4 AI score | 0.00046 EPSS
Exploits 0 | References 2