Lucene search
+L

17 matches found

OSV
OSV
added 4 days ago6 views

UBUNTU-CVE-2026-12482

A vulnerability in keras-team/keras version 3.12.0 allows an attacker to craft a malicious tar archive that bypasses the filtersafetarinfos validation in keras/src/utils/fileutils.py. Specifically, symlink entries are not subjected to the same ispathindir validation as regular file entries,...

3.1CVSS6.1AI score0.00301EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/06 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-12481

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the Lambda layer...

9.8CVSS7.8AI score0.00397EPSS
Exploits1References3
OSV
OSV
added 2026/06/22 4:16 p.m.4 views

DEBIAN-CVE-2026-12479

A path traversal vulnerability exists in keras-team/keras version 3.14.0, specifically in the DiskIOStore.make method within the Keras 3 model saving and loading library. This vulnerability arises from the improper handling of user-provided layer names, which are used to construct directory paths...

6.1CVSS5.9AI score0.00263EPSS
Exploits0References1
OSV
OSV
added 2026/06/22 4:16 p.m.5 views

UBUNTU-CVE-2026-12479

A path traversal vulnerability exists in keras-team/keras version 3.14.0, specifically in the DiskIOStore.make method within the Keras 3 model saving and loading library. This vulnerability arises from the improper handling of user-provided layer names, which are used to construct directory paths...

6.1CVSS6.5AI score0.00263EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.6 views

Keras 代码问题漏洞

Keras is an open-source deep learning framework with multiple backends. Version 3.13.0 of Keras contains a code vulnerability that stems from the TFSLayer class’s unconditional loading of external SavedModels, which may lead to arbitrary code execution...

8.8CVSS7.6AI score0.00363EPSS
Exploits1References2
OSV
OSV
added 2026/01/15 2:16 p.m.9 views

AZL-74631 CVE-2026-0897 affecting package keras for versions less than 3.3.3-6

Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service DoS through memory exhaustion and a crash of the Python interpreter via a crafted .keras archive...

7.6CVSS5.8AI score0.00299EPSS
Exploits3References1
OSV
OSV
added 2026/01/15 2:9 p.m.8 views

CVE-2026-0897 Denial of Service in Keras via Excessive Memory Allocation in HDF5 Metadata

Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service DoS through memory exhaustion and a crash of the Python interpreter via a crafted .keras archive...

7.1CVSS6.8AI score0.00299EPSS
Exploits3References9
EUVD
EUVD
added 2025/11/28 3:30 p.m.9 views

EUVD-2025-199871

Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.getfile function when extracting tar archives. The vulnerability arises because the function uses Python's tarfile.extractall method without the security-critical filter='data' parameter. Although Keras attempts...

8CVSS7AI score0.00605EPSS
Exploits0References2
NVD
NVD
added 2025/11/28 3:16 p.m.10 views

CVE-2025-12638

Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.getfile function when extracting tar archives. The vulnerability arises because the function uses Python's tarfile.extractall method without the security-critical filter='data' parameter. Although Keras attempts...

8CVSS0.00605EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/28 2:6 p.m.2 views

CVE-2025-12638 Path Traversal Vulnerability in keras-team/keras via Tar Archive Extraction in keras.utils.get_file()

Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.getfile function when extracting tar archives. The vulnerability arises because the function uses Python's tarfile.extractall method without the security-critical filter='data' parameter. Although Keras attempts...

8CVSS8.2AI score0.00605EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/03 8:30 p.m.11 views

CVE-2025-12060

The keras.utils.getfile API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can craft a malicious tar archive containing special...

9.4CVSS6.7AI score0.01227EPSS
Exploits11References5
OSV
OSV
added 2025/10/30 5:15 p.m.11 views

AZL-69472 CVE-2025-12060 affecting package keras for versions less than 3.3.3-5

The keras.utils.getfile API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can craft a malicious tar archive containing special...

8.9CVSS5.9AI score0.00593EPSS
Exploits0References1
OSV
OSV
added 2025/10/30 5:10 p.m.5 views

CVE-2025-12060 Keras keras.utils.get_file Utility Path Traversal Vulnerability

The keras.utils.getfile API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can craft a malicious tar archive containing special...

8.9CVSS7.4AI score0.00593EPSS
Exploits0References5
OSV
OSV
added 2025/10/17 4:15 p.m.5 views

UBUNTU-CVE-2025-49655

Deserialization of untrusted data can occur in versions of the Keras framework running versions 3.11.0 up to but not including 3.11.3, enabling a maliciously uploaded Keras file containing a TorchModuleWrapper class to run arbitrary code on an end user’s system when loaded despite safe mode being...

9.8CVSS7.5AI score0.00699EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2024-55459

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the getfile function...

6.5CVSS5.9AI score0.00224EPSS
Exploits0References3
OSV
OSV
added 2025/01/08 5:15 p.m.3 views

DEBIAN-CVE-2024-55459

An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the getfile function...

6.5CVSS5.8AI score0.00224EPSS
Exploits0References1
OSV
OSV
added 2025/01/08 12:0 a.m.5 views

CVE-2024-55459

An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the getfile function...

6.5CVSS7.2AI score0.00224EPSS
Exploits0References5
Rows per page
Query Builder