Lucene search
K

823 matches found

Nuclei
Nuclei
added 16 hours ago131 views

October CMS - Remote Code Execution

October CMS is susceptible to remote code execution. In affected versions, user input is not properly sanitized before rendering. An authenticated user with the permissions to create, modify, and delete website pages can bypass cms.safemode and cms.enableSafeMode in order to execute arbitrary cod...

8.5CVSS7.3AI score0.08682EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/07/06 10:3 a.m.5 views

CVE-2026-12481

A flaw was found in the Keras deep learning library. This vulnerability allows a remote attacker to execute arbitrary code on the system by exploiting improper handling of deserialization in the Lambda layer. Specifically, a security safeguard designed to prevent unsafe deserialization is bypasse...

9.8CVSS6.5AI score0.00397EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/07/06 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-12481

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the Lambda layer...

9.8CVSS7.8AI score0.00397EPSS
Exploits1References3
NVD
NVD
added 2026/07/03 9:16 p.m.7 views

CVE-2026-12481

A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the Lambda layer. Specifically, the raiseforlambdadeserialization function fails to enforce the safe-mode guard when safemode is set to None, which is the default...

9.8CVSS0.00397EPSS
Exploits1References1
OSV
OSV
added 2026/07/03 9:16 p.m.5 views

DEBIAN-CVE-2026-12481

A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the Lambda layer. Specifically, the raiseforlambdadeserialization function fails to enforce the safe-mode guard when safemode is set to None, which is the default...

9.8CVSS6.6AI score0.00397EPSS
Exploits1References1
OSV
OSV
added 2026/07/03 9:16 p.m.4 views

UBUNTU-CVE-2026-12481

A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the Lambda layer. Specifically, the raiseforlambdadeserialization function fails to enforce the safe-mode guard when safemode is set to None, which is the default...

9.8CVSS7.7AI score0.00397EPSS
Exploits1References3
CVE
CVE
added 2026/07/03 8:36 p.m.31 views

CVE-2026-12481

The CVE affects keras-team/keras 3.14.0, where deserialization in the Lambda layer can bypass the safe-mode guard. The root cause is _raise_for_lambda_deserialization() treating safe_mode=None as unset/deny, allowing attacker-controlled marshal bytecode to be deserialized. Affected call sites inc...

9.8CVSS7.7AI score0.00397EPSS
Exploits1References1Affected Software1
Debian CVE
Debian CVE
added 2026/07/03 8:36 p.m.8 views

CVE-2026-12481

A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the Lambda layer. Specifically, the raiseforlambdadeserialization function fails to enforce the safe-mode guard when safemode is set to None, which is the default...

9.8CVSS7.7AI score0.00397EPSS
Exploits1
EUVD
EUVD
added 2026/07/03 8:36 p.m.8 views

EUVD-2026-41600

A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the Lambda layer. Specifically, the raiseforlambdadeserialization function fails to enforce the safe-mode guard when safemode is set to None, which is the default...

8.8CVSS7.7AI score0.00397EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/07/03 8:36 p.m.39 views

CVE-2026-12481 Deserialization of Untrusted Data in keras-team/keras

A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the Lambda layer. Specifically, the raiseforlambdadeserialization function fails to enforce the safe-mode guard when safemode is set to None, which is the default...

8.8CVSS0.00397EPSS
Exploits1References1
Snyk
Snyk
added 2026/07/03 8:36 p.m.6 views

Deserialization of Untrusted Data

Overview keras is a Keras is a high-level neural networks API for Python.. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the deserialization process of the Lambda layer when the safemode safeguard is not explicitly enabled. An attacker can execute...

9.8CVSS7.5AI score0.00397EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.10 views

PT-2026-55585

Name of the Vulnerable Software and Affected Versions keras-team/keras version 3.14.0 Description Improper handling of deserialization in the Lambda layer allows for arbitrary OS-level code execution in the context of the server or user process. The raise for lambda deserialization function fails...

9.8CVSS7.7AI score0.00397EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.12 views

CVE-2026-25125

October is a Content Management System CMS and web platform. Versions prior to 3.7.14 and 4.1.10 contain a server-side information disclosure vulnerability in the INI settings parser. Because PHP's parseinistring function supports $ syntax for environment variable interpolation, attackers with...

4.9CVSS5.3AI score0.00326EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.9 views

CVE-2026-41243

OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, when safeMode is enabled, unapproved forum posts are hidden from the public list, but the direct post-read procedure still returns the full post to anyone with the post UUID. Commit...

6.9CVSS5.4AI score0.00177EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.13 views

CVE-2026-22692

October is a Content Management System CMS and web platform. Versions prior to 3.7.13 and versions 4.0.0 through 4.1.4 contain a sandbox bypass vulnerability in the optional Twig safe mode feature CMSSAFEMODE. Certain methods on the collect helper were not properly restricted, allowing...

6.8CVSS5.4AI score0.00395EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.11 views

CVE-2026-26274

October is a Content Management System CMS and web platform. Prior to 3.7.14 and 4.1.10, a vulnerability was identified in the Twig sandbox security policy that allowed database write operations when cms.safemode is enabled. Backend users with Developer permissions could use Twig template markup ...

6.6CVSS5.6AI score0.00229EPSS
Exploits0References1
NVD
NVD
added 2026/04/23 2:16 a.m.4 views

CVE-2026-41243

OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, when safeMode is enabled, unapproved forum posts are hidden from the public list, but the direct post-read procedure still returns the full post to anyone with the post UUID. Commit...

6.9CVSS0.00177EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/23 12:9 a.m.4 views

CVE-2026-41243

OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, when safeMode is enabled, unapproved forum posts are hidden from the public list, but the direct post-read procedure still returns the full post to anyone with the post UUID. Commit...

6.9CVSS5.7AI score0.00177EPSS
Exploits1References3
EUVD
EUVD
added 2026/04/23 12:9 a.m.5 views

EUVD-2026-25164

OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, when safeMode is enabled, unapproved forum posts are hidden from the public list, but the direct post-read procedure still returns the full post to anyone with the post UUID. Commit...

6.9CVSS5.7AI score0.00177EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/23 12:9 a.m.5 views

CVE-2026-41243 OpenLearn's pending forum posts remain publicly readable by direct ID when moderation mode is enabled

OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, when safeMode is enabled, unapproved forum posts are hidden from the public list, but the direct post-read procedure still returns the full post to anyone with the post UUID. Commit...

6.9CVSS5.7AI score0.00177EPSS
Exploits1References2
Rows per page
Query Builder