
4 matches found

Source: EUVD (added yesterday, 3 views)

EUVD-2026-41600

A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the Lambda layer. Specifically, the raise_for_lambda_deserialization function fails to enforce the safe-mode guard when safe_mode is set to None, which is the default...

CVSS: 8.8 | AI score: 7.7
Exploits: 0 | References: 1
Source: Github Security Blog (added 2026/04/24 3:36 p.m., 19 views)

ERB has an @_init deserialization guard bypass via def_module / def_method / def_class

Summary: Ruby 2.7.0, before ERB 2.2.0 was published on rubygems.org, introduced an @_init instance variable guard in ERB#result and ERB#run to prevent code execution when an ERB object is reconstructed via Marshal.load deserialization. However, three other public methods that also evaluate @src via eva...

CVSS: 8.1 | AI score: 6.7 | EPSS: 0.01131
Exploits: 0 | References: 4 | Affected Software: 1
Source: Snyk (added 2026/04/24 4:20 a.m., 10 views)

Protection Mechanism Failure

Overview: Affected versions of this package are vulnerable to Protection Mechanism Failure in the def_module, def_method, or def_class methods due to insufficient deserialization guards. An attacker can achieve arbitrary code execution by supplying crafted input to Marshal.load in a Ruby application...

CVSS: 9.2 | AI score: 6.3 | EPSS: 0.01131
Exploits: 0 | References: 2
Source: Cvelist (added 2026/04/24 2:35 a.m., 30 views)

CVE-2026-41316 ERB has an @_init deserialization guard bypass via def_module / def_method / def_class

ERB is a templating system for Ruby. Ruby 2.7.0, before ERB 2.2.0 was published on rubygems.org, introduced an @_init instance variable guard in ERB#result and ERB#run to prevent code execution when an ERB object is reconstructed via Marshal.load deserialization. However, three other public methods th...

CVSS: 8.1 | EPSS: 0.01131
Exploits: 0 | References: 1