42 matches found
CVE-2026-5258 Sanster IOPaint File Manager file_manager.py _get_file path traversal
A vulnerability was found in Sanster IOPaint 1.5.3. Impacted is the function getfile of the file iopaint/filemanager/filemanager.py of the component File Manager. Performing a manipulation of the argument filename results in path traversal. The attack is possible to be carried out remotely. The...
CVE-2026-5258 Sanster IOPaint File Manager file_manager.py _get_file path traversal
A vulnerability was found in Sanster IOPaint 1.5.3. Impacted is the function getfile of the file iopaint/filemanager/filemanager.py of the component File Manager. Performing a manipulation of the argument filename results in path traversal. The attack is possible to be carried out remotely. The...
Directory Traversal
Keras is vulnerable to Directory Traversal. The vulnerability is due to unsafe extraction of tar archives in keras.utils.getfile without proper filtering during extraction, which allows an attacker to bypass path validation and write files outside the intended directory...
CVE-2021-47729
Selea Targa IP OCR-ANPR Camera contains a stored cross-site scripting vulnerability in the 'fileslist' parameter that allows attackers to inject malicious HTML and script code. Attackers can send a POST request to /cgi-bin/getfile.php with crafted payload to execute arbitrary scripts in victim's...
Linux Distros Unpatched Vulnerability : CVE-2025-12638
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.getfile function when extracting tar archives. The vulnerability arises...
EUVD-2025-199871
Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.getfile function when extracting tar archives. The vulnerability arises because the function uses Python's tarfile.extractall method without the security-critical filter='data' parameter. Although Keras attempts...
Duplicate Advisory: Keras keras.utils.get_file API is vulnerable to a path traversal attack
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hjqc-jx6g-rwp9. This link is maintained to preserve external references. Original Description Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.getfile function when extractin...
GHSA-9G7V-8WXV-MWXP Duplicate Advisory: Keras keras.utils.get_file API is vulnerable to a path traversal attack
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hjqc-jx6g-rwp9. This link is maintained to preserve external references. Original Description Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.getfile function when extractin...
CVE-2025-12638
Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.getfile function when extracting tar archives. The vulnerability arises because the function uses Python's tarfile.extractall method without the security-critical filter='data' parameter. Although Keras attempts...
AZL-71185 CVE-2025-12638 affecting package keras for versions less than 3.3.3-5
Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.getfile function when extracting tar archives. The vulnerability arises because the function uses Python's tarfile.extractall method without the security-critical filter='data' parameter. Although Keras attempts...
CVE-2025-12638 Path Traversal Vulnerability in keras-team/keras via Tar Archive Extraction in keras.utils.get_file()
Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.getfile function when extracting tar archives. The vulnerability arises because the function uses Python's tarfile.extractall method without the security-critical filter='data' parameter. Although Keras attempts...
Keras 路径遍历漏洞
Keras is a multi-backend deep learning framework open-sourced by Keras. A path traversal vulnerability exists in Keras version 3.11.3, which stems from a path traversal issue in the keras.utils.getfile function when extracting tar archives, which could lead to arbitrary file writes...
SUSE CVE-2025-12060
The keras.utils.getfile API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can craft a malicious tar archive containing special...
CVE-2025-12060
The keras.utils.getfile API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can craft a malicious tar archive containing special...
Keras keras.utils.get_file Utility Path Traversal Vulnerability
...
CVE-2025-12060
The keras.utils.getfile API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can craft a malicious tar archive containing special...
UBUNTU-CVE-2025-12060
The keras.utils.getfile API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can craft a malicious tar archive containing special...
CVE-2025-12060
The keras.utils.getfile API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can craft a malicious tar archive containing special...
EUVD-2025-28027
Malicious code in bioql PyPI...
An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the get_file function.
...