Lucene search
K

39 matches found

RedhatCVE
RedhatCVE
added 2026/07/06 10:3 a.m.5 views

CVE-2026-12481

A flaw was found in the Keras deep learning library. This vulnerability allows a remote attacker to execute arbitrary code on the system by exploiting improper handling of deserialization in the Lambda layer. Specifically, a security safeguard designed to prevent unsafe deserialization is bypasse...

9.8CVSS6.5AI score0.00397EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/07/06 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-12481

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the Lambda layer...

9.8CVSS7.8AI score0.00397EPSS
Exploits1References3
OSV
OSV
added 2026/07/03 9:16 p.m.5 views

DEBIAN-CVE-2026-12481

A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the Lambda layer. Specifically, the raiseforlambdadeserialization function fails to enforce the safe-mode guard when safemode is set to None, which is the default...

9.8CVSS6.6AI score0.00397EPSS
Exploits1References1
NVD
NVD
added 2026/07/03 9:16 p.m.7 views

CVE-2026-12481

A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the Lambda layer. Specifically, the raiseforlambdadeserialization function fails to enforce the safe-mode guard when safemode is set to None, which is the default...

9.8CVSS0.00397EPSS
Exploits1References1
OSV
OSV
added 2026/07/03 9:16 p.m.4 views

UBUNTU-CVE-2026-12481

A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the Lambda layer. Specifically, the raiseforlambdadeserialization function fails to enforce the safe-mode guard when safemode is set to None, which is the default...

9.8CVSS7.7AI score0.00397EPSS
Exploits1References3
CVE
CVE
added 2026/07/03 8:36 p.m.31 views

CVE-2026-12481

The CVE affects keras-team/keras 3.14.0, where deserialization in the Lambda layer can bypass the safe-mode guard. The root cause is _raise_for_lambda_deserialization() treating safe_mode=None as unset/deny, allowing attacker-controlled marshal bytecode to be deserialized. Affected call sites inc...

9.8CVSS7.7AI score0.00397EPSS
Exploits1References1Affected Software1
Debian CVE
Debian CVE
added 2026/07/03 8:36 p.m.8 views

CVE-2026-12481

A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the Lambda layer. Specifically, the raiseforlambdadeserialization function fails to enforce the safe-mode guard when safemode is set to None, which is the default...

9.8CVSS7.7AI score0.00397EPSS
Exploits1
Cvelist
Cvelist
added 2026/07/03 8:36 p.m.39 views

CVE-2026-12481 Deserialization of Untrusted Data in keras-team/keras

A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the Lambda layer. Specifically, the raiseforlambdadeserialization function fails to enforce the safe-mode guard when safemode is set to None, which is the default...

8.8CVSS0.00397EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.10 views

PT-2026-55585

Name of the Vulnerable Software and Affected Versions keras-team/keras version 3.14.0 Description Improper handling of deserialization in the Lambda layer allows for arbitrary OS-level code execution in the context of the server or user process. The raise for lambda deserialization function fails...

9.8CVSS7.7AI score0.00397EPSS
Exploits1References7
Huntr
Huntr
added 2026/04/04 8:35 p.m.6 views

Lambda Layer `safe_mode=None` Guard Bypass — Arbitrary Code Execution via `from_config()`

This report is not public...

9.8CVSS7.2AI score0.00397EPSS
Exploits1
Veracode
Veracode
added 2025/11/04 6:56 a.m.4 views

Arbitrary Code Execution

Keras is vulnerable to Arbitrary Code Execution. The vulnerability is due to Model.loadmodel not honoring safemode=True when reading legacy .h5/.hdf5 archives and deserializing pickled Lambda-layer code from a crafted model file, which allows an attacker to supply a malicious archive that execute...

7.3CVSS7AI score0.00205EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-30281

Malicious code in bioql PyPI...

8.6CVSS6.3AI score0.00186EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-30277

Malicious code in bioql PyPI...

7.3CVSS6.3AI score0.00205EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/09/25 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-9905

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Keras Model.loadmodel method can be exploited to achieve arbitrary code execution, even with safemode=True. One can create a specially crafted .h5/.hdf5 mod...

7.3CVSS7.8AI score0.00205EPSS
Exploits1References3
OSV
OSV
added 2025/09/19 9:31 a.m.3 views

GHSA-36FQ-JGMW-4R9C Keras is vulnerable to Deserialization of Untrusted Data

Arbitrary Code Execution in Keras Keras versions prior to 3.11.0 allow for arbitrary code execution when loading a crafted .keras model archive, even when safemode=True. The issue arises because the archive’s config.json is parsed before layer deserialization. This can invoke...

8.7CVSS7.7AI score0.00186EPSS
Exploits0References7
OSV
OSV
added 2025/09/19 9:31 a.m.6 views

GHSA-77WQ-646F-JRM2 Duplicate Advisory: The Keras `Model.load_model` method **silently** ignores `safe_mode=True` and allows arbitrary code execution when a `.h5`/`.hdf5` file is loaded.

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-36rr-ww3j-vrjv. This link is maintained to preserve external references. Original Description The Keras Model.loadmodel method can be exploited to achieve arbitrary code execution, even with safemode=True. One c...

7.3CVSS7.4AI score0.00205EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2025/09/19 9:31 a.m.9 views

Keras is vulnerable to Deserialization of Untrusted Data

Arbitrary Code Execution in Keras Keras versions prior to 3.11.0 allow for arbitrary code execution when loading a crafted .keras model archive, even when safemode=True. The issue arises because the archive’s config.json is parsed before layer deserialization. This can invoke...

8.6CVSS7.7AI score0.00186EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2025/09/19 9:15 a.m.9 views

PYSEC-2025-123

The Keras Model.loadmodel method can be exploited to achieve arbitrary code execution, even with safemode=True. One can create a specially crafted .h5/.hdf5 model archive that, when loaded via Model.loadmodel, will trigger arbitrary code to be executed. This is achieved by crafting a special...

7.3CVSS6AI score0.00205EPSS
Exploits1References2
NVD
NVD
added 2025/09/19 9:15 a.m.6 views

CVE-2025-9906

The Keras Model.loadmodel method can be exploited to achieve arbitrary code execution, even with safemode=True. One can create a specially crafted .keras model archive that, when loaded via Model.loadmodel, will trigger arbitrary code to be executed. This is achieved by crafting a special...

8.6CVSS0.00186EPSS
Exploits0References1
NVD
NVD
added 2025/09/19 9:15 a.m.5 views

CVE-2025-9905

The Keras Model.loadmodel method can be exploited to achieve arbitrary code execution, even with safemode=True. One can create a specially crafted .h5/.hdf5 model archive that, when loaded via Model.loadmodel, will trigger arbitrary code to be executed. This is achieved by crafting a special...

7.3CVSS0.00205EPSS
Exploits1References2
Rows per page
Query Builder