5 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-12479
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A path traversal vulnerability exists in keras-team/keras version 3.14.0, specifically in the DiskIOStore.make method within the Keras 3 model saving and loadin...
CVE-2026-1462
A vulnerability in the TFSMLayer class of the keras package, version 3.13.0, allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of .keras models, even when safemode=True. This bypasses the security guarantees of safemode and enables arbitrary attacker-controlled...
CVE-2025-9906 affecting package keras for versions less than 3.3.3-4
CVE-2025-9906 affecting package keras for versions less than 3.3.3-4. A patched version of the package is available...
AZL-67505 CVE-2025-9905 affecting package keras for versions less than 3.3.3-4
The Keras Model.loadmodel method can be exploited to achieve arbitrary code execution, even with safemode=True. One can create a specially crafted .h5/.hdf5 model archive that, when loaded via Model.loadmodel, will trigger arbitrary code to be executed. This is achieved by crafting a special...
CVE-2025-8747 affecting package keras for versions less than 3.3.3-3
CVE-2025-8747 affecting package keras for versions less than 3.3.3-3. A patched version of the package is available...