10250 matches found
Security Bulletin: Arbitrary Code Execution in Keras
Summary Keras is used by many machine learning frameworks and applications as part of their deep learning infrastructure. Remote attackers can execute arbitrary code, leading to full system compromise, data breaches, and potential lateral movement where the identified vulnerability is present...
CVE-2025-66909
Turms AI-Serving module prior to v0.10.0 is affected by an image decompression bomb DoS. The ExtendedOpenCVImage class uses OpenCV imread() without validating image dimensions or pixel count before decompression, allowing a crafted compressed image (e.g., PNG) to expand to gigabytes in memory, ca...
PT-2025-52452
Name of the Vulnerable Software and Affected Versions Turms AI-Serving module versions prior to v0.10.0 Description The software contains an image decompression bomb denial of service issue. The ExtendedOpenCVImage class in ai/djl/opencv/ExtendedOpenCVImage.java uses OpenCV’s imread function to...
CVE-2019-25228 Kentico Xperience <= 12.0.47 Virtual Context Information Disclosure
An information disclosure vulnerability in Kentico Xperience allows attackers to leak virtual context URLs via the HTTP Referer header when users interact with third-party domains. Sensitive virtual context information can be exposed to external domains through page builder interactions and...
📄 Keras 2.15 Insecure Deserialization
Keras version 2.15 insecure deserialization proof of concept exploit. A security issue in certain versions of Keras allows attackers to craft a malicious model file typically a .keras or HDF5-based model containing unsafe serialization primitives. When such a model is loaded, the deserialization...
MailEnable Insecure DLL Loading Vulnerability (CNVD-2026-14401)
MailEnable is a Windows-based business e-mail server from MailEnable Australia. MailEnable suffers from an insecure DLL loading vulnerability that can be exploited by an attacker to cause local arbitrary code execution...
MailEnable Insecure DLL Loading Vulnerability (CNVD-2026-14406)
MailEnable is a Windows-based business e-mail server from MailEnable Australia. MailEnable suffers from an insecure DLL loading vulnerability that can be exploited by an attacker to cause local arbitrary code execution...
MailEnable Insecure DLL Loading Vulnerability (CNVD-2026-14399)
MailEnable is a Windows-based business e-mail server from MailEnable Australia. MailEnable suffers from an insecure DLL loading vulnerability that can be exploited by an attacker to cause local arbitrary code execution...
MailEnableMailEnable Insecure DLL Loading Vulnerability (CNVD-2026-14403)
MailEnable is a Windows-based business e-mail server from MailEnable Australia. MailEnable suffers from a MailEnable Insecure DLL Load vulnerability that can be exploited by an attacker to cause local arbitrary code execution...
CVE-2025-33212
NVIDIA NeMo Framework contains a vulnerability in model loading that could allow an attacker to exploit improper control mechanisms if a user loads a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, and...
CVE-2025-68162
In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration...
EUVD-2025-203816
NVIDIA NeMo Framework contains a vulnerability in model loading that could allow an attacker to exploit improper control mechanisms if a user loads a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, and...
CVE-2025-33212
NVIDIA NeMo Framework contains a vulnerability in model loading that could allow an attacker to exploit improper control mechanisms if a user loads a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, and...
CVE-2025-33212
NVIDIA NeMo Framework contains a vulnerability in model loading that could allow an attacker to exploit improper control mechanisms if a user loads a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, and...
CVE-2025-33212
NVIDIA NeMo Framework contains a vulnerability in model loading that could allow an attacker to exploit improper control mechanisms if a user loads a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, and...
CVE-2025-33212
NVIDIA NeMo Framework contains a vulnerability in model loading that could allow an attacker to exploit improper control mechanisms if a user loads a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, and...
CVE-2025-68162
In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration...
CVE-2025-68162
In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration...
EUVD-2025-203768
In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration...
CVE-2025-68162
In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration...