Lucene search
K

297 matches found

Veracode
Veracode
added 2025/10/06 8:32 a.m.5 views

Interger Overflow

executorch is vulnerable to integer overflow. The vulnerability is due to improper handling of integer calculations during model loading, which allows an attacker to cause smaller-than-expected memory allocations leading to potential code execution or other unintended effects...

9.8CVSS7.8AI score0.00571EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-21559

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00661EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-21560

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00661EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-24608

Malicious code in bioql PyPI...

9.8CVSS6.3AI score0.00993EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-21561

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00661EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-13509

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00766EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-53164

Malicious code in bioql PyPI...

5.5CVSS5.7AI score0.00105EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-53160

Malicious code in bioql PyPI...

7.3CVSS6.6AI score0.00108EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-53161

Malicious code in bioql PyPI...

5.5CVSS5.7AI score0.00135EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-52178

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00461EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-21558

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00639EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-23967

Malicious code in bioql PyPI...

8.4CVSS6.3AI score0.00197EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-30277

Malicious code in bioql PyPI...

7.3CVSS6.3AI score0.00205EPSS
Exploits1References4
Veracode
Veracode
added 2025/10/01 6:52 a.m.6 views

Heap Buffer Overflow

executorch is vulnerable to Heap Buffer Overflow. The vulnerability is due to improper handling in the loading of ExecuTorch models, which allows an attacker to achieve code execution or cause other undesirable effects...

9.8CVSS7.7AI score0.0064EPSS
Exploits0References3Affected Software3
Veracode
Veracode
added 2025/10/01 6:32 a.m.5 views

Integer Overflow

executorch is vulnerable to integer overflow. The vulnerability is due to improper handling in the loading of ExecuTorch models, which allows an attacker to place objects outside their allocated memory area leading to potential code execution or other undesirable effects...

9.8CVSS7.8AI score0.00571EPSS
Exploits0References4Affected Software3
Veracode
Veracode
added 2025/10/01 5:46 a.m.5 views

Integer Overflow

executorch is vulnerable to integer overflow. The vulnerability is due to improper handling of model loading, which allows an attacker to trigger overlapping allocations leading to potential code execution or other undesirable effects...

9.8CVSS7.8AI score0.00571EPSS
Exploits0References3Affected Software3
Github Security Blog
Github Security Blog
added 2025/09/19 9:31 a.m.5 views

Duplicate Advisory: The Keras `Model.load_model` method **silently** ignores `safe_mode=True` and allows arbitrary code execution when a `.h5`/`.hdf5` file is loaded.

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-36rr-ww3j-vrjv. This link is maintained to preserve external references. Original Description The Keras Model.loadmodel method can be exploited to achieve arbitrary code execution, even with safemode=True. One c...

7.3CVSS7.4AI score0.00205EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2025/09/19 9:15 a.m.5 views

CVE-2025-9905

The Keras Model.loadmodel method can be exploited to achieve arbitrary code execution, even with safemode=True. One can create a specially crafted .h5/.hdf5 model archive that, when loaded via Model.loadmodel, will trigger arbitrary code to be executed. This is achieved by crafting a special...

7.3CVSS7.4AI score
Exploits0References2
OSV
OSV
added 2025/09/19 9:15 a.m.9 views

PYSEC-2025-123

The Keras Model.loadmodel method can be exploited to achieve arbitrary code execution, even with safemode=True. One can create a specially crafted .h5/.hdf5 model archive that, when loaded via Model.loadmodel, will trigger arbitrary code to be executed. This is achieved by crafting a special...

7.3CVSS6AI score0.00205EPSS
Exploits1References2
OSV
OSV
added 2025/09/19 9:15 a.m.4 views

AZL-67505 CVE-2025-9905 affecting package keras for versions less than 3.3.3-4

The Keras Model.loadmodel method can be exploited to achieve arbitrary code execution, even with safemode=True. One can create a specially crafted .h5/.hdf5 model archive that, when loaded via Model.loadmodel, will trigger arbitrary code to be executed. This is achieved by crafting a special...

7.3CVSS7.4AI score0.00205EPSS
Exploits1References1
Rows per page
Query Builder