294 matches found
EUVD-2024-52178
Malicious code in bioql PyPI...
EUVD-2025-30277
Malicious code in bioql PyPI...
EUVD-2024-53161
Malicious code in bioql PyPI...
EUVD-2024-53164
Malicious code in bioql PyPI...
EUVD-2025-21559
Malicious code in bioql PyPI...
EUVD-2025-21560
Malicious code in bioql PyPI...
EUVD-2025-23967
Malicious code in bioql PyPI...
EUVD-2025-21558
Malicious code in bioql PyPI...
EUVD-2025-21561
Malicious code in bioql PyPI...
EUVD-2025-13509
Malicious code in bioql PyPI...
Heap Buffer Overflow
executorch is vulnerable to Heap Buffer Overflow. The vulnerability is due to improper handling in the loading of ExecuTorch models, which allows an attacker to achieve code execution or cause other undesirable effects...
Integer Overflow
executorch is vulnerable to integer overflow. The vulnerability is due to improper handling in the loading of ExecuTorch models, which allows an attacker to place objects outside their allocated memory area leading to potential code execution or other undesirable effects...
Integer Overflow
executorch is vulnerable to integer overflow. The vulnerability is due to improper handling of model loading, which allows an attacker to trigger overlapping allocations leading to potential code execution or other undesirable effects...
Duplicate Advisory: The Keras `Model.load_model` method **silently** ignores `safe_mode=True` and allows arbitrary code execution when a `.h5`/`.hdf5` file is loaded.
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-36rr-ww3j-vrjv. This link is maintained to preserve external references. Original Description The Keras Model.loadmodel method can be exploited to achieve arbitrary code execution, even with safemode=True. One c...
AZL-67505 CVE-2025-9905 affecting package keras for versions less than 3.3.3-4
The Keras Model.loadmodel method can be exploited to achieve arbitrary code execution, even with safemode=True. One can create a specially crafted .h5/.hdf5 model archive that, when loaded via Model.loadmodel, will trigger arbitrary code to be executed. This is achieved by crafting a special...
PYSEC-2025-123
The Keras Model.loadmodel method can be exploited to achieve arbitrary code execution, even with safemode=True. One can create a specially crafted .h5/.hdf5 model archive that, when loaded via Model.loadmodel, will trigger arbitrary code to be executed. This is achieved by crafting a special...
CVE-2025-9905
The Keras Model.loadmodel method can be exploited to achieve arbitrary code execution, even with safemode=True. One can create a specially crafted .h5/.hdf5 model archive that, when loaded via Model.loadmodel, will trigger arbitrary code to be executed. This is achieved by crafting a special...
CVE-2025-9906 Arbitrary Code execution in Keras Safe Mode
The Keras Model.loadmodel method can be exploited to achieve arbitrary code execution, even with safemode=True. One can create a specially crafted .keras model archive that, when loaded via Model.loadmodel, will trigger arbitrary code to be executed. This is achieved by crafting a special...
PT-2025-38517
Name of the Vulnerable Software and Affected Versions Keras affected versions not specified Description The Model.load model method can be exploited to achieve arbitrary code execution, even when safe mode is enabled. This is possible by creating a specially crafted .h5 or .hdf5 model archive tha...
NVIDIA Triton Inference Server 输入验证错误漏洞
NVIDIA Triton Inference Server is an open source software from NVIDIA that helps standardize model deployment and deliver fast and scalable AI in production. NVIDIA Triton Inference Server suffers from an input validation error vulnerability that originates from loading a misconfigured model, whi...