7704 matches found

Cvelist
added 2025/09/22 6:25 p.m. | 9 views

CVE-2025-59582 WordPress Ajax Load More Plugin <= 7.6.0.2 - Sensitive Data Exposure Vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Darren Cooney Ajax Load More ajax-load-more allows Retrieve Embedded Sensitive Data. This issue affects Ajax Load More: from n/a through <= 7.6.0.2...

5.3 CVSS | 0.00559 EPSS
Exploits 0 | References 1
CVE
added 2025/09/22 6:25 p.m. | 13 views

CVE-2025-59582

CVE-2025-59582 concerns Ajax Load More (WordPress plugin). The issue is an exposed sensitive data vulnerability where an unauthorized actor could retrieve embedded sensitive data due to insufficient access control in the plugin’s Ajax handling. Affected range stated as from n/a through

5.3 CVSS | 5.9 AI score | 0.00559 EPSS
Exploits 0 | References 1
Vulnrichment
added 2025/09/22 6:25 p.m. | 2 views

CVE-2025-59582 WordPress Ajax Load More Plugin <= 7.6.0.2 - Sensitive Data Exposure Vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Darren Cooney Ajax Load More allows Retrieve Embedded Sensitive Data. This issue affects Ajax Load More: from n/a through 7.6.0.2...

5.3 CVSS | 6.5 AI score | 0.00559 EPSS
Exploits 0 | References 1
Patchstack
added 2025/09/22 6:25 p.m. | 5 views

WordPress Ajax Load More Plugin <= 7.6.0.2 - Sensitive Data Exposure Vulnerability

Sensitive Data Exposure Vulnerability discovered by MD ISMAIL in WordPress Plugin Ajax Load More versions <= 7.6.0.2...

5.3 CVSS | 6.8 AI score | 0.00559 EPSS
Exploits 0 | Affected Software 1
CNNVD
added 2025/09/22 12:0 a.m. | 2 views

WordPress plugin Ajax Load More security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, with the ability to host personal blog sites on PHP and MySQL based servers. WordPress...

5.3 CVSS | 5.8 AI score | 0.00559 EPSS
Exploits 0 | References 1
Positive Technologies
added 2025/09/22 12:0 a.m. | 3 views

PT-2025-39052

Name of the Vulnerable Software and Affected Versions: Darren Cooney Ajax Load More versions through 7.6.0.2. Description: A flaw exists in Darren Cooney Ajax Load More that allows for the retrieval of embedded sensitive data, potentially exposing sensitive system information to an unauthorized...

5.3 CVSS | 5.8 AI score | 0.00559 EPSS
Exploits 0 | References 6
Microsoft CVE
added 2025/09/20 8:3 a.m. | 2 views

Arbitrary Code execution in Keras load_model()

...

7.3 CVSS | 7 AI score | 0.00008 EPSS
Exploits 1
OSV
added 2025/09/20 12:18 a.m. | 3 views

OSV-2025-766 Heap-buffer-overflow in Open

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=446027676 Crash type: Heap-buffer-overflow READ 4 Crash state: Open demuxProbe vlcmoduleload...

6.9 AI score
Exploits 0 | References 1
Tenable Nessus
added 2025/09/20 12:0 a.m. | 1 views

Linux Distros Unpatched Vulnerability : CVE-2023-53278

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix memory leak in ubifs_sysfs_init When insmod ubifs.ko, a kmemleak reported as below:...

5.5 CVSS | 5.2 AI score | 0.00018 EPSS
Exploits 0 | References 2
Github Security Blog
added 2025/09/19 8:12 p.m. | 7 views

The Keras `Model.load_model` method **silently** ignores `safe_mode=True` and allows arbitrary code execution when a `.h5`/`.hdf5` file is loaded.

Note: This report has already been discussed with the Google OSS VRP team, who recommended that I reach out directly to the Keras team. I’ve chosen to do so privately rather than opening a public issue, due to the potential security implications. I also attempted to use the email address listed i...

7.3 CVSS | 8.5 AI score | 0.00008 EPSS
Exploits 1 | References 5 | Affected Software 1
OSV
added 2025/09/19 8:12 p.m. | 2 views

GHSA-36RR-WW3J-VRJV The Keras `Model.load_model` method **silently** ignores `safe_mode=True` and allows arbitrary code execution when a `.h5`/`.hdf5` file is loaded.

Note: This report has already been discussed with the Google OSS VRP team, who recommended that I reach out directly to the Keras team. I’ve chosen to do so privately rather than opening a public issue, due to the potential security implications. I also attempted to use the email address listed i...

8.7 CVSS | 8.5 AI score | 0.00008 EPSS
Exploits 1 | References 5
Github Security Blog
added 2025/09/19 9:31 a.m. | 5 views

Keras is vulnerable to Deserialization of Untrusted Data

Arbitrary Code Execution in Keras: Keras versions prior to 3.11.0 allow for arbitrary code execution when loading a crafted .keras model archive, even when `safe_mode=True`. The issue arises because the archive’s config.json is parsed before layer deserialization. This can invoke...

8.6 CVSS | 7.7 AI score | 0.00068 EPSS
Exploits 0 | References 7 | Affected Software 1
OSV
added 2025/09/19 9:31 a.m. | 2 views

GHSA-36FQ-JGMW-4R9C Keras is vulnerable to Deserialization of Untrusted Data

Arbitrary Code Execution in Keras: Keras versions prior to 3.11.0 allow for arbitrary code execution when loading a crafted .keras model archive, even when `safe_mode=True`. The issue arises because the archive’s config.json is parsed before layer deserialization. This can invoke...

8.7 CVSS | 7.7 AI score | 0.00068 EPSS
Exploits 0 | References 7
OSV
added 2025/09/19 9:31 a.m. | 2 views

GHSA-77WQ-646F-JRM2 Duplicate Advisory: The Keras `Model.load_model` method **silently** ignores `safe_mode=True` and allows arbitrary code execution when a `.h5`/`.hdf5` file is loaded.

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-36rr-ww3j-vrjv. This link is maintained to preserve external references. Original Description: The Keras `Model.load_model` method can be exploited to achieve arbitrary code execution, even with `safe_mode=True`. One c...

7.3 CVSS | 7.4 AI score | 0.00008 EPSS
Exploits 1 | References 4
NVD
added 2025/09/19 9:15 a.m. | 3 views

CVE-2025-9906

The Keras `Model.load_model` method can be exploited to achieve arbitrary code execution, even with `safe_mode=True`. One can create a specially crafted .keras model archive that, when loaded via `Model.load_model`, will trigger arbitrary code to be executed. This is achieved by crafting a special...

8.6 CVSS | 0.00068 EPSS
Exploits 0 | References 1
NVD
added 2025/09/19 9:15 a.m. | 3 views

CVE-2025-9905

The Keras `Model.load_model` method can be exploited to achieve arbitrary code execution, even with `safe_mode=True`. One can create a specially crafted .h5/.hdf5 model archive that, when loaded via `Model.load_model`, will trigger arbitrary code to be executed. This is achieved by crafting a special...

7.3 CVSS | 0.00008 EPSS
Exploits 1 | References 2
PyPA
added 2025/09/19 9:15 a.m. | 7 views

PYSEC-2025-123

The Keras `Model.load_model` method can be exploited to achieve arbitrary code execution, even with `safe_mode=True`. One can create a specially crafted .h5/.hdf5 model archive that, when loaded via `Model.load_model`, will trigger arbitrary code to be executed. This is achieved by crafting a special .h5 archi...

7.3 CVSS | 7.5 AI score | 0.00008 EPSS
Exploits 1 | References 2 | Affected Software 1
PyPA
added 2025/09/19 9:15 a.m. | 7 views

PYSEC-2025-76

The Keras `Model.load_model` method can be exploited to achieve arbitrary code execution, even with `safe_mode=True`. One can create a specially crafted .keras model archive that, when loaded via `Model.load_model`, will trigger arbitrary code to be executed. This is achieved by crafting a special config.jso...

8.6 CVSS | 7.5 AI score | 0.00068 EPSS
Exploits 0 | References 2
OSV
added 2025/09/19 9:15 a.m. | 3 views

CVE-2025-9906

The Keras `Model.load_model` method can be exploited to achieve arbitrary code execution, even with `safe_mode=True`. One can create a specially crafted .keras model archive that, when loaded via `Model.load_model`, will trigger arbitrary code to be executed. This is achieved by crafting a special...

7.3 CVSS | 7.4 AI score
Exploits 0 | References 1
OSV
added 2025/09/19 9:15 a.m. | 1 views

DEBIAN-CVE-2025-9905

The Keras `Model.load_model` method can be exploited to achieve arbitrary code execution, even with `safe_mode=True`. One can create a specially crafted .h5/.hdf5 model archive that, when loaded via `Model.load_model`, will trigger arbitrary code to be executed. This is achieved by crafting a special...

7.3 CVSS | 8 AI score | 0.00008 EPSS
Exploits 1 | References 1