Lucene search
K

17 matches found

EUVD
EUVD
added 2026/05/06 11:9 p.m.5 views

EUVD-2026-2735

Keras vulnerable to DoS via Malicious .keras Model HDF5 Shape Bomb Causes Petabyte Allocation in KerasFileEditor...

7.5CVSS6.7AI score0.00299EPSS
Exploits3References6
EUVD
EUVD
added 2025/10/29 9:30 a.m.6 views

EUVD-2025-36634

Keras is vulnerable to arbitrary local file loading and Server-Side Request Forgery...

5.9CVSS6.3AI score0.00239EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-24127

Malicious code in bioql PyPI...

8.6CVSS6.3AI score0.00112EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-30281

Malicious code in bioql PyPI...

8.6CVSS6.3AI score0.00186EPSS
Exploits0References6
OSV
OSV
added 2025/09/19 9:31 a.m.3 views

GHSA-36FQ-JGMW-4R9C Keras is vulnerable to Deserialization of Untrusted Data

Arbitrary Code Execution in Keras Keras versions prior to 3.11.0 allow for arbitrary code execution when loading a crafted .keras model archive, even when safemode=True. The issue arises because the archive’s config.json is parsed before layer deserialization. This can invoke...

8.7CVSS7.7AI score0.00186EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-8747

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A safe mode bypass vulnerability in the Model.loadmodel method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by...

8.6CVSS5.9AI score0.00112EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/08/11 9:30 a.m.5 views

Duplicate Advisory: Keras safe mode bypass vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-c9rc-mg46-23w3. This link is maintained to preserve external references. Original Description A safe mode bypass vulnerability in the Model.loadmodel method in Keras versions 3.0.0 through 3.10.0 allows an...

8.6CVSS7.9AI score0.00112EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/08/11 9:30 a.m.2 views

GHSA-PWQ7-2GVJ-VG9V Duplicate Advisory: Keras safe mode bypass vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-c9rc-mg46-23w3. This link is maintained to preserve external references. Original Description A safe mode bypass vulnerability in the Model.loadmodel method in Keras versions 3.0.0 through 3.10.0 allows an...

8.6CVSS7.9AI score0.00112EPSS
Exploits0References5
NVD
NVD
added 2025/08/11 8:15 a.m.5 views

CVE-2025-8747

A safe mode bypass vulnerability in the Model.loadmodel method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing a user to load a specially crafted .keras model archive...

8.6CVSS0.00112EPSS
Exploits0References2
PyPA
PyPA
added 2025/08/11 8:15 a.m.9 views

PYSEC-2025-75

A safe mode bypass vulnerability in the Model.loadmodel method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing a user to load a specially crafted .keras model archive...

8.6CVSS6.3AI score0.00112EPSS
Exploits0References3
OSV
OSV
added 2025/08/11 8:15 a.m.5 views

CVE-2025-8747

A safe mode bypass vulnerability in the Model.loadmodel method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing a user to load a specially crafted .keras model archive...

7.8CVSS7.8AI score
Exploits0References2
OSV
OSV
added 2025/08/11 8:15 a.m.6 views

AZL-66171 CVE-2025-8747 affecting package keras for versions less than 3.3.3-3

A safe mode bypass vulnerability in the Model.loadmodel method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing a user to load a specially crafted .keras model archive...

8.6CVSS6.4AI score0.00112EPSS
Exploits0References1
OSV
OSV
added 2025/08/11 8:15 a.m.8 views

UBUNTU-CVE-2025-8747

A safe mode bypass vulnerability in the Model.loadmodel method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing a user to load a specially crafted .keras model archive...

8.6CVSS6.4AI score0.00112EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/08/11 7:21 a.m.15 views

CVE-2025-8747 Keras safe_mode bypass allows arbitrary code execution when loading a malicious model.

A safe mode bypass vulnerability in the Model.loadmodel method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing a user to load a specially crafted .keras model archive...

8.6CVSS0.00112EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/11 7:21 a.m.2 views

CVE-2025-8747 Keras safe_mode bypass allows arbitrary code execution when loading a malicious model.

A safe mode bypass vulnerability in the Model.loadmodel method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing a user to load a specially crafted .keras model archive...

8.6CVSS7.9AI score0.00112EPSS
Exploits0References2
CVE
CVE
added 2025/08/11 7:21 a.m.72 views

CVE-2025-8747

CVE-2025-8747 corresponds to a safe-mode bypass in Keras Model.load_model, allowing arbitrary code execution by loading a crafted .keras archive. Connected IBM bulletins confirm the vulnerability affects Keras 3.0.0–3.10.0 and describe a bypass via manipulated config.json or inner Lambda mechanis...

8.6CVSS7.9AI score0.00112EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2025/03/11 12:0 a.m.6 views

Keras 代码注入漏洞

Keras is a multi-backend deep learning framework open-sourced by Keras. Keras suffers from a code injection vulnerability that stems from allowing execution of arbitrary code via a manually constructed malicious keras archive, even in safe mode...

9.8CVSS7.9AI score0.02803EPSS
Exploits3References4
Rows per page
Query Builder