CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8 matches found

Cvelist•added 2026/05/12 12:0 a.m.•34 views

CVE-2026-31229

The Adversarial Robustness Toolbox ART thru 1.20.1 contains an insecure deserialization vulnerability CWE-502 in its Kubeflow component's model loading functionality. When loading model weights from a file e.g., model.pt during robustness evaluation, the code uses torch.load without the...

0.006EPSS

Exploits0References2

Huntr•added 2026/03/13 1:57 a.m.•6 views

model.weights.h5: h5py.ExternalLink at Group level silently followed during load_model(), bypassing CVE-2025-9905 fix — information disclosure from arbitrary HDF5 files

Keras 3.x introduced a fix for CVE-2025-9905 by checking dataset.external in H5IOStore.verifydataset. This check blocks datasets whose raw bytes are stored in external files via the HDF5 "External Data Storage" mechanism. However, HDF5 supports a second, unrelated external-reference mechanism:...

7.3CVSS7.5AI score0.00205EPSS

Exploits1

OSV•added 2026/01/15 2:16 p.m.•6 views

AZL-74631 CVE-2026-0897 affecting package keras for versions less than 3.3.3-6

Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service DoS through memory exhaustion and a crash of the Python interpreter via a crafted .keras archive...

7.5CVSS5.8AI score0.00364EPSS

Exploits3References1

OSV•added 2026/01/15 2:16 p.m.•2 views

UBUNTU-CVE-2026-0897

7.5CVSS6.1AI score0.00364EPSS

Exploits3References3

Cvelist•added 2026/01/15 2:9 p.m.•28 views

CVE-2026-0897 Denial of Service in Keras via Excessive Memory Allocation in HDF5 Metadata

7.1CVSS0.00364EPSS

Exploits3References1

CVE•added 2026/01/15 2:9 p.m.•28 views

CVE-2026-0897

CVE-2026-0897 affects Google Keras (3.0.0–3.13.0) via the HDF5 weight loading component. A crafted .keras archive containing a valid model.weights.h5 file with an extremely large dataset shape can trigger memory exhaustion and crash the Python interpreter, causing a Denial of Service. Some connec...

7.5CVSS6.6AI score0.00364EPSS

Exploits3References1Affected Software1

Positive Technologies•added 2026/01/15 12:0 a.m.•6 views

PT-2026-3014

Name of the Vulnerable Software and Affected Versions Keras versions 3.0.0 through 3.13.0 Description A flaw exists in the HDF5 weight loading component of Keras that allows for a denial of service. An attacker can provide a crafted .keras archive containing a valid model.weights.h5 file. This fi...

7.5CVSS6.8AI score0.00364EPSS

Exploits3References17