CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14 matches found

Veracode•added 2025/12/13 7:53 a.m.•4 views

Server-Side Request Forgery (SSRF)

Keras is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper handling of the StringLookup layer during model loading from a crafted .keras archive, which allows an attacker to supply local or remote file paths as vocabulary inputs and exploit tf.io.gfile behavior ...

5.9CVSS7.7AI score0.00079EPSS

Exploits0References4Affected Software1

OSV•added 2025/11/14 12:39 p.m.•3 views

OESA-2025-2690 python-Keras security update

Keras is a high-level neural networks API for Python. Security Fixes: The Keras.Model.loadmodel method, including when executed with the intended security mitigation safemode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery SSRF. This vulnerability stems from th...

5.9CVSS6.5AI score0.00079EPSS

Exploits0References2

OSV•added 2025/11/14 12:39 p.m.•2 views

OESA-2025-2691 python-Keras security update

5.9CVSS7.3AI score0.00079EPSS

Exploits0References2

OSV•added 2025/11/14 12:39 p.m.•3 views

OESA-2025-2689 python-Keras security update

5.9CVSS7.3AI score0.00079EPSS

Exploits0References2

EUVD•added 2025/10/29 9:30 a.m.•3 views

EUVD-2025-36634

Keras is vulnerable to arbitrary local file loading and Server-Side Request Forgery...

5.9CVSS6.3AI score0.00079EPSS

Exploits0References5

Github Security Blog•added 2025/10/29 9:30 a.m.•3 views

Keras is vulnerable to arbitrary local file loading and Server-Side Request Forgery

The Keras.Model.loadmodel method, including when executed with the intended security mitigation safemode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery SSRF. This vulnerability stems from the way the StringLookup layer is handled during model loading from a...

5.9CVSS6.6AI score0.00079EPSS

Exploits0References6Affected Software1

OSV•added 2025/10/29 9:30 a.m.•3 views

GHSA-MQ84-HJQX-CWF2 Keras is vulnerable to arbitrary local file loading and Server-Side Request Forgery

5.9CVSS6.6AI score0.00079EPSS

Exploits0References6

OSV•added 2025/10/29 9:15 a.m.•0 views

AZL-69583 CVE-2025-12058 affecting package keras 2.11.0-3

5.9CVSS5.9AI score0.00079EPSS

Exploits0References1

OSV•added 2025/10/29 9:15 a.m.•0 views

UBUNTU-CVE-2025-12058

5.9CVSS7.4AI score0.00079EPSS

Exploits0References4

Vulnrichment•added 2025/10/29 8:48 a.m.•2 views

CVE-2025-12058 Vulnerability in Keras Model.load_model Leading to Arbitrary Local File Loading and SSRF

5.9CVSS6.2AI score0.00079EPSS

Exploits0References2

Cvelist•added 2025/10/29 8:48 a.m.•309 views

CVE-2025-12058 Vulnerability in Keras Model.load_model Leading to Arbitrary Local File Loading and SSRF

5.9CVSS0.00079EPSS

Exploits0References2

CNNVD•added 2025/10/29 12:0 a.m.•1 views

Keras 安全漏洞

Keras is a multi-backend deep learning framework open-sourced by Keras. A security vulnerability exists in Keras that stems from the StringLookup layer not properly restricting external path loading functionality when processing specially crafted .keras archives, which could lead to arbitrary loc...

5.9CVSS7.4AI score0.00079EPSS

Exploits0References3

GithubExploit•added 2023/07/18 5:55 p.m.•250 views

Exploit for CVE-2022-33980

riskootext4shell text4shell script for text coomons =1.10...

9.8CVSS9.8AI score0.86659EPSS

Exploits3

Gentoo Linux•added 2023/01/11 12:0 a.m.•54 views

Apache Commons Text: Arbitrary Code Execution

Background Apache Commons Text is a library focused on algorithms working on strings. Description Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to...

9.8CVSS3.5AI score0.94251EPSS

Exploits41

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by