Lucene search
K

419 matches found

RedhatCVE
RedhatCVE
added 2026/07/06 10:3 a.m.5 views

CVE-2026-12481

A flaw was found in the Keras deep learning library. This vulnerability allows a remote attacker to execute arbitrary code on the system by exploiting improper handling of deserialization in the Lambda layer. Specifically, a security safeguard designed to prevent unsafe deserialization is bypasse...

9.8CVSS6.5AI score0.00397EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/07/06 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-12481

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the Lambda layer...

9.8CVSS7.8AI score0.00397EPSS
Exploits1References3
OSV
OSV
added 2026/07/03 9:16 p.m.5 views

DEBIAN-CVE-2026-12481

A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the Lambda layer. Specifically, the raiseforlambdadeserialization function fails to enforce the safe-mode guard when safemode is set to None, which is the default...

9.8CVSS6.6AI score0.00397EPSS
Exploits1References1
NVD
NVD
added 2026/07/03 9:16 p.m.7 views

CVE-2026-12481

A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the Lambda layer. Specifically, the raiseforlambdadeserialization function fails to enforce the safe-mode guard when safemode is set to None, which is the default...

9.8CVSS0.00397EPSS
Exploits1References1
OSV
OSV
added 2026/07/03 9:16 p.m.3 views

UBUNTU-CVE-2026-12481

A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the Lambda layer. Specifically, the raiseforlambdadeserialization function fails to enforce the safe-mode guard when safemode is set to None, which is the default...

9.8CVSS7.7AI score0.00397EPSS
Exploits1References3
CVE
CVE
added 2026/07/03 8:36 p.m.31 views

CVE-2026-12481

The CVE affects keras-team/keras 3.14.0, where deserialization in the Lambda layer can bypass the safe-mode guard. The root cause is _raise_for_lambda_deserialization() treating safe_mode=None as unset/deny, allowing attacker-controlled marshal bytecode to be deserialized. Affected call sites inc...

9.8CVSS7.7AI score0.00397EPSS
Exploits1References1Affected Software1
Debian CVE
Debian CVE
added 2026/07/03 8:36 p.m.8 views

CVE-2026-12481

A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the Lambda layer. Specifically, the raiseforlambdadeserialization function fails to enforce the safe-mode guard when safemode is set to None, which is the default...

9.8CVSS7.7AI score0.00397EPSS
Exploits1
EUVD
EUVD
added 2026/07/03 8:36 p.m.8 views

EUVD-2026-41600

A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the Lambda layer. Specifically, the raiseforlambdadeserialization function fails to enforce the safe-mode guard when safemode is set to None, which is the default...

8.8CVSS7.7AI score0.00397EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/07/03 8:36 p.m.39 views

CVE-2026-12481 Deserialization of Untrusted Data in keras-team/keras

A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the Lambda layer. Specifically, the raiseforlambdadeserialization function fails to enforce the safe-mode guard when safemode is set to None, which is the default...

8.8CVSS0.00397EPSS
Exploits1References1
Snyk
Snyk
added 2026/07/03 8:36 p.m.6 views

Deserialization of Untrusted Data

Overview keras is a Keras is a high-level neural networks API for Python.. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the deserialization process of the Lambda layer when the safemode safeguard is not explicitly enabled. An attacker can execute...

9.8CVSS7.5AI score0.00397EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.10 views

PT-2026-55585

Name of the Vulnerable Software and Affected Versions keras-team/keras version 3.14.0 Description Improper handling of deserialization in the Lambda layer allows for arbitrary OS-level code execution in the context of the server or user process. The raise for lambda deserialization function fails...

9.8CVSS7.7AI score0.00397EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/07/02 12:31 p.m.6 views

CVE-2026-58517

A flaw was found in The Wikimedia Foundation Mediawiki - WikiLambda Extension. This vulnerability, caused by improper neutralization of input terminators, allows an attacker to bypass authentication. This could lead to unauthorized access to the system. Mitigation To mitigate this vulnerability,...

9.1CVSS5.7AI score0.00194EPSS
Exploits0References5
CVE
CVE
added 2026/07/01 6:23 p.m.21 views

CVE-2026-58517

CVE-2026-58517 concerns the Wikimedia Foundation’s MediaWiki WikiLambda Extension, with an issue labeled as an improper neutralization of input terminators that enables an authentication bypass. Affected versions are WikiLambda Extension releases prior to 1.43.9, 1.44.6, and 1.45.4. The CVSS 4.0 ...

6.9CVSS5.8AI score0.00194EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/22 7:17 p.m.10 views

CVE-2026-54288

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, the Body Limit Middleware trusts the request's Content-Length header to decide whether a body is within the limit. On AWS Lambda API Gateway v1/v2, ALB, VPC Lattice, and Lambda@Edge the body is...

6.5CVSS0.00103EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 5:18 p.m.34 views

CVE-2026-54288 Hono: Body Limit Middleware can be bypassed on AWS Lambda by understating `Content-Length`

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, the Body Limit Middleware trusts the request's Content-Length header to decide whether a body is within the limit. On AWS Lambda API Gateway v1/v2, ALB, VPC Lattice, and Lambda@Edge the body is...

6.5CVSS0.00103EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 5:18 p.m.33 views

CVE-2026-54288

The CVE-2026-54288 issue affects the Hono Web framework prior to version 4.12.25, where the Body Limit Middleware trusts the request Content-Length header. On AWS Lambda environments (API Gateway v1/v2, ALB, VPC Lattice, and Lambda@Edge), the body is fully buffered and the adapter builds the requ...

6.5CVSS5.8AI score0.00103EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 5:16 p.m.35 views

CVE-2026-54289 Hono: Lambda@Edge adapter keeps only the last value of a repeated request header, dropping the rest

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda@Edge, CloudFront delivers a request header that appears more than once as several separate entries. The adapter writes each value with Headers.set instead of Headers.append, so...

4.8CVSS0.00114EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 5:16 p.m.28 views

CVE-2026-54289

CVE-2026-54289 — Hono Lambda@Edge header handling : On AWS Lambda@Edge, prior to 4.12.25, CloudFront may deliver repeated headers as multiple entries. The Hono Lambda@Edge adapter uses Headers.set for each value, overwriting the previous one, so only the last value reaches the application. Header...

4.8CVSS5.9AI score0.00114EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 5:16 p.m.5 views

CVE-2026-54289

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda@Edge, CloudFront delivers a request header that appears more than once as several separate entries. The adapter writes each value with Headers.set instead of Headers.append, so...

4.8CVSS5.9AI score0.00114EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/22 5:13 p.m.34 views

CVE-2026-54287 Hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into one comma-separated value. Because commas also appear inside cookie attribute...

5.3CVSS0.00186EPSS
Exploits0References1
Rows per page
Query Builder