18 matches found
CVE-2026-5258 Sanster IOPaint File Manager file_manager.py _get_file path traversal
A vulnerability was found in Sanster IOPaint 1.5.3. Impacted is the function getfile of the file iopaint/filemanager/filemanager.py of the component File Manager. Manipulating the argument filename results in path traversal. The attack can be carried out remotely. The...
CVE-2026-5258 Sanster IOPaint File Manager file_manager.py _get_file path traversal
A vulnerability was found in Sanster IOPaint 1.5.3. Impacted is the function getfile of the file iopaint/filemanager/filemanager.py of the component File Manager. Manipulating the argument filename results in path traversal. The attack can be carried out remotely. The...
Directory Traversal
Keras is vulnerable to Directory Traversal. The vulnerability is due to unsafe extraction of tar archives in keras.utils.get_file without proper filtering during extraction, which allows an attacker to bypass path validation and write files outside the intended directory...
Linux Distros Unpatched Vulnerability : CVE-2025-12638
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.get_file function when extracting tar archives. The vulnerability arises...
GHSA-9G7V-8WXV-MWXP Duplicate Advisory: Keras keras.utils.get_file API is vulnerable to a path traversal attack
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hjqc-jx6g-rwp9. This link is maintained to preserve external references. Original Description Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.get_file function when extractin...
CVE-2025-12638
Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.get_file function when extracting tar archives. The vulnerability arises because the function uses Python's tarfile.extractall method without the security-critical filter='data' parameter. Although Keras attempts...
Keras Path Traversal Vulnerability
Keras is a multi-backend deep learning framework open-sourced by Keras. A path traversal vulnerability exists in Keras version 3.11.3, which stems from a path traversal issue in the keras.utils.get_file function when extracting tar archives, which could lead to arbitrary file writes...
EUVD-2025-28027
Malicious code in bioql PyPI...
An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the get_file function.
...
Linux Distros Unpatched Vulnerability : CVE-2024-55459
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the get_file function...
GHSA-CJGQ-5QMW-RCJ6 keras Path Traversal vulnerability
An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the get_file function...
DEBIAN-CVE-2024-55459
An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the get_file function...
AZL-55313 CVE-2024-55459 affecting package keras 3.3.3-6
An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the get_file function...
UBUNTU-CVE-2024-55459
An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the get_file function...
CVE-2024-7135
The Tainacan plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getfile' function in all versions up to, and including, 0.21.7. The function is also vulnerable to directory traversal. This makes it possible for authenticated attackers, with...
WordPress plugin Tainacan Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
Google TensorFlow Path Traversal Vulnerability
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from an arbitrary file overwrite vulnerability, which originates from an issue caused when tf.keras.utils.get_file is used with extract=True, and can be exploited by an...
AlegroCart Arbitrary Code Execution Vulnerability
AlegroCart is an open source online business solution from the Canadian ALEGROCART team. AlegroCart version 1.2.8 has a remote file inclusion vulnerability in the 'getfile' function of the upload/admin2/controller/reportlogs.php file, which stems from the program failing to detect the 'filepath'...