Lucene search
K

17 matches found

EUVD
EUVD
added 2026/05/06 11:9 p.m.5 views

EUVD-2026-2735

Keras vulnerable to DoS via Malicious .keras Model HDF5 Shape Bomb Causes Petabyte Allocation in KerasFileEditor...

7.5CVSS6.7AI score0.00299EPSS
Exploits3References6
EUVD
EUVD
added 2025/10/29 9:30 a.m.6 views

EUVD-2025-36634

Keras is vulnerable to arbitrary local file loading and Server-Side Request Forgery...

5.9CVSS6.3AI score0.00239EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-30281

Malicious code in bioql PyPI...

8.6CVSS6.3AI score0.00186EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-24127

Malicious code in bioql PyPI...

8.6CVSS6.3AI score0.00112EPSS
Exploits0References5
OSV
OSV
added 2025/09/19 9:31 a.m.3 views

GHSA-36FQ-JGMW-4R9C Keras is vulnerable to Deserialization of Untrusted Data

Arbitrary Code Execution in Keras Keras versions prior to 3.11.0 allow for arbitrary code execution when loading a crafted .keras model archive, even when safemode=True. The issue arises because the archive’s config.json is parsed before layer deserialization. This can invoke...

8.7CVSS7.7AI score0.00186EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-8747

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A safe mode bypass vulnerability in the Model.loadmodel method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by...

8.6CVSS5.9AI score0.00112EPSS
Exploits0References2
OSV
OSV
added 2025/08/11 9:30 a.m.2 views

GHSA-PWQ7-2GVJ-VG9V Duplicate Advisory: Keras safe mode bypass vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-c9rc-mg46-23w3. This link is maintained to preserve external references. Original Description A safe mode bypass vulnerability in the Model.loadmodel method in Keras versions 3.0.0 through 3.10.0 allows an...

8.6CVSS7.9AI score0.00112EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/08/11 9:30 a.m.4 views

Duplicate Advisory: Keras safe mode bypass vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-c9rc-mg46-23w3. This link is maintained to preserve external references. Original Description A safe mode bypass vulnerability in the Model.loadmodel method in Keras versions 3.0.0 through 3.10.0 allows an...

8.6CVSS7.9AI score0.00112EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2025/08/11 8:15 a.m.5 views

CVE-2025-8747

A safe mode bypass vulnerability in the Model.loadmodel method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing a user to load a specially crafted .keras model archive...

8.6CVSS0.00112EPSS
Exploits0References2
PyPA
PyPA
added 2025/08/11 8:15 a.m.9 views

PYSEC-2025-75

A safe mode bypass vulnerability in the Model.loadmodel method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing a user to load a specially crafted .keras model archive...

8.6CVSS6.3AI score0.00112EPSS
Exploits0References3
OSV
OSV
added 2025/08/11 8:15 a.m.5 views

CVE-2025-8747

A safe mode bypass vulnerability in the Model.loadmodel method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing a user to load a specially crafted .keras model archive...

7.8CVSS7.8AI score
Exploits0References2
OSV
OSV
added 2025/08/11 8:15 a.m.6 views

AZL-66171 CVE-2025-8747 affecting package keras for versions less than 3.3.3-3

A safe mode bypass vulnerability in the Model.loadmodel method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing a user to load a specially crafted .keras model archive...

8.6CVSS6.4AI score0.00112EPSS
Exploits0References1
OSV
OSV
added 2025/08/11 8:15 a.m.7 views

UBUNTU-CVE-2025-8747

A safe mode bypass vulnerability in the Model.loadmodel method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing a user to load a specially crafted .keras model archive...

8.6CVSS6.4AI score0.00112EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/08/11 7:21 a.m.15 views

CVE-2025-8747 Keras safe_mode bypass allows arbitrary code execution when loading a malicious model.

A safe mode bypass vulnerability in the Model.loadmodel method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing a user to load a specially crafted .keras model archive...

8.6CVSS0.00112EPSS
Exploits0References2
CVE
CVE
added 2025/08/11 7:21 a.m.72 views

CVE-2025-8747

CVE-2025-8747 corresponds to a safe-mode bypass in Keras Model.load_model, allowing arbitrary code execution by loading a crafted .keras archive. Connected IBM bulletins confirm the vulnerability affects Keras 3.0.0–3.10.0 and describe a bypass via manipulated config.json or inner Lambda mechanis...

8.6CVSS7.9AI score0.00112EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/08/11 7:21 a.m.2 views

CVE-2025-8747 Keras safe_mode bypass allows arbitrary code execution when loading a malicious model.

A safe mode bypass vulnerability in the Model.loadmodel method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing a user to load a specially crafted .keras model archive...

8.6CVSS7.9AI score0.00112EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/03/11 12:0 a.m.4 views

Keras 代码注入漏洞

Keras is a multi-backend deep learning framework open-sourced by Keras. Keras suffers from a code injection vulnerability that stems from allowing execution of arbitrary code via a manually constructed malicious keras archive, even in safe mode...

9.8CVSS7.9AI score0.02803EPSS
Exploits3References4
Rows per page
Query Builder