
10276 matches found

Veracode
added 2025/03/13 3:28 a.m., 8 views

Insufficient Verification Of Data Authenticity

PickleScan is vulnerable to Insufficient Verification of Data Authenticity. The vulnerability stems from a discrepancy in filename handling: the filename in a ZIP local file header can differ from the filename in the central directory listing, which allows an attacker to bypass detection by causing PickleScan to crash...

CVSS 6.5, AI score 6.6, EPSS 0.00144
Exploits: 1, References: 7, Affected Software: 1
Packet Storm
added 2025/03/13 12:00 a.m., 301 views

Craft CMS 3.9.14 Remote Command Execution

Craft CMS version 3.9.14 proof of concept remote command execution exploit that leverages a vulnerability discovered in 2024. Title: Craft CMS 3.9.14...

CVSS 9.3, AI score 7.4, EPSS 0.93926
Exploits: 9
OSV
added 2025/03/12 7:28 p.m., 20 views

GHSA-Q92J-GRW3-H492 graphql allows remote code execution when loading a crafted GraphQL schema

Summary: Loading a malicious schema definition in GraphQL::Schema.from_introspection or GraphQL::Schema::Loader.load can result in remote code execution. Any system which loads a schema from JSON obtained from an untrusted source is vulnerable, including those that use GraphQL::Client to load external schemas...

CVSS 9, AI score 7.6, EPSS 0.01361
Exploits: 2, References: 15
Github Security Blog
added 2025/03/12 7:28 p.m., 46 views

graphql allows remote code execution when loading a crafted GraphQL schema

Summary: Loading a malicious schema definition in GraphQL::Schema.from_introspection or GraphQL::Schema::Loader.load can result in remote code execution. Any system which loads a schema from JSON obtained from an untrusted source is vulnerable, including those that use GraphQL::Client to load external schemas...

CVSS 9, AI score 7.6, EPSS 0.01361
Exploits: 2, References: 15, Affected Software: 1
NVD
added 2025/03/12 7:15 p.m., 15 views

CVE-2025-27407

graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21, loading a malicious schema definition in GraphQL::Schema.from_introspection or GraphQL::Schema::Loader.load can result in remote code...

CVSS 9, EPSS 0.01361
Exploits: 2, References: 11
OSV
added 2025/03/12 7:15 p.m., 1 view

UBUNTU-CVE-2025-27407

graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21, loading a malicious schema definition in GraphQL::Schema.from_introspection or GraphQL::Schema::Loader.load can result in remote code...

CVSS 9, AI score 6.1, EPSS 0.01361
Exploits: 2, References: 12
OSV
added 2025/03/12 6:15 p.m., 20 views

CVE-2025-27407 Remote code execution when loading a crafted GraphQL schema

graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21, loading a malicious schema definition in GraphQL::Schema.from_introspection or GraphQL::Schema::Loader.load can result in remote code...

CVSS 9, AI score 9.2, EPSS 0.01361
Exploits: 2, References: 13
CVE
added 2025/03/12 6:15 p.m., 271 views

CVE-2025-27407

CVE-2025-27407 concerns graphql-ruby: loading a malicious schema via GraphQL::Schema.from_introspection (or GraphQL::Schema::Loader.load) can lead to remote code execution. Affected versions are pre-patches: 1.11.5–1.11.7, 1.11.? (and 1.12.24, 1.13.23, 2.0.31, 2.1.13, 2.2.16, 2.3.20). Patches exi...

CVSS 9, AI score 9.4, EPSS 0.01361
Exploits: 2, References: 11
Debian CVE
added 2025/03/12 6:15 p.m., 47 views

CVE-2025-27407

graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21, loading a malicious schema definition in GraphQL::Schema.from_introspection or GraphQL::Schema::Loader.load can result in remote code...

CVSS 9, AI score 9.1, EPSS 0.01361
Exploits: 2
Github Security Blog
added 2025/03/11 8:07 p.m., 11 views

Arbitrary Code Execution via Crafted Keras Config for Model Loading

Impact: The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their...

CVSS 9.8, AI score 7.2, EPSS 0.09875
Exploits: 3, References: 8, Affected Software: 1
CVE
added 2025/03/11 4:28 p.m., 96 views

CVE-2024-9157

Technical details about CVE-2024-9157 are not present in the provided documents. No affected products, impact, or remediation are specified here. Monitor for updates from the referenced sources.

CVSS 7.8, AI score 7.6, EPSS 0.00031
Exploits: 0, References: 1
RedhatCVE
added 2025/03/11 12:29 p.m., 5 views

CVE-2025-1550

A flaw was found in Keras. This vulnerability allows arbitrary code execution via a maliciously crafted .keras archive that manipulates the config.json file to load and execute arbitrary Python modules and functions, even with safe_mode=True. Mitigation: In order to reduce the success of the attack...

CVSS 8.2, AI score 7.3, EPSS 0.09875
Exploits: 3, References: 4
PyPA
added 2025/03/11 9:15 a.m., 5 views

PYSEC-2025-122

The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, ...

CVSS 9.8, AI score 6.7, EPSS 0.09875
Exploits: 3, References: 3, Affected Software: 1
OSV
added 2025/03/11 9:15 a.m., 2 views

AZL-58360 CVE-2025-1550 affecting package keras for versions less than 3.3.3-2

The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, ...

CVSS 9.8, AI score 6.5, EPSS 0.09875
Exploits: 3, References: 1
OSV
added 2025/03/11 9:15 a.m., 3 views

UBUNTU-CVE-2025-1550

The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, ...

CVSS 9.8, AI score 7.3, EPSS 0.09875
Exploits: 3, References: 4
Vulnrichment
added 2025/03/11 8:12 a.m., 6 views

CVE-2025-1550 Arbitrary Code Execution via Crafted Keras Config for Model Loading

The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, ...

CVSS 7.3, AI score 7, EPSS 0.09875
Exploits: 3, References: 2
Microsoft CVE
added 2025/03/11 7:00 a.m., 24 views

Synaptics: CVE-2024-9157 Synaptics Service Binaries DLL Loading Vulnerability

...

CVSS 7.8, AI score 7.1, EPSS 0.00031
Exploits: 0
Positive Technologies
added 2025/03/11 12:00 a.m., 4 views

PT-2025-10719

Name of the Vulnerable Software and Affected Versions: Keras versions 3.0.0 through 3.7.9. Description: The Keras Model.load_model function allows arbitrary code execution, even when safe mode is enabled. This occurs through a maliciously crafted .keras archive. An attacker can modify the...

CVSS 9.8, AI score 7.9, EPSS 0.09875
Exploits: 3, References: 39
BDU FSTEC
added 2025/03/11 12:00 a.m., 1 view

A vulnerability in the signature loading function of the APPE Signature Upgrade module in DrayTek Vigor router firmware allows an attacker to execute arbitrary code.

The vulnerability in the signature loading function of the APPE Signature Upgrade module in DrayTek Vigor router firmware stems from unrestricted upload of malicious files. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

CVSS 8.4, AI score 8.3, EPSS 0.00064
Exploits: 0, References: 4, Affected Software: 20
Github Security Blog
added 2025/03/10 6:26 p.m., 11 views

Zip Exploit Crashes Picklescan But Not PyTorch

Summary: PickleScan is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to extract and scan PyTorch model archives. By modifying the filename in the ZIP local file header while keeping the original filename in the central directory listing, an attacker can make PickleScan raise...

CVSS 6.5, AI score 6.9, EPSS 0.00144
Exploits: 1, References: 6, Affected Software: 1