Lucene search
K

6 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-368 Keras framework vulnerable to deserialization of untrusted data

Deserialization of untrusted data can occur in versions of the Keras framework running versions 3.11.0 up to but not including 3.11.3, enabling a maliciously uploaded Keras file containing a TorchModuleWrapper class to run arbitrary code on an end user’s system when loaded despite safe mode being...

9.8CVSS7.5AI score0.0071EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/16 1:48 p.m.9 views

EUVD-2026-36427

Nuxt: Route-rule middleware bypass via case-sensitivity mismatch between vue-router and the routeRules matcher...

8.8CVSS5.2AI score0.00294EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/17 9:12 p.m.5 views

CVE-2026-40258

The Gramps Web API is a Python REST API for the genealogical research software Gramps. Versions 1.6.0 through 3.11.0 have a path traversal vulnerability Zip Slip in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with...

9.1CVSS5.9AI score0.00401EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/17 6:31 p.m.8 views

Keras framework vulnerable to deserialization of untrusted data

Deserialization of untrusted data can occur in versions of the Keras framework running versions 3.11.0 up to but not including 3.11.3, enabling a maliciously uploaded Keras file containing a TorchModuleWrapper class to run arbitrary code on an end user’s system when loaded despite safe mode being...

9.8CVSS7.4AI score0.0071EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2023/12/21 12:0 a.m.3 views

PT-2023-31332 · Appmysite · Appmysite

Name of the Vulnerable Software and Affected Versions: AppMySite – Create an app with the Best Mobile App Builder versions n/a through 3.11.0 Description: The issue is related to the exposure of sensitive information to an unauthorized actor. This is a problem where sensitive data is made...

7.5CVSS7.6AI score0.00452EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2022/07/27 3:15 p.m.4 views

CVE-2022-36881

Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks...

8.1CVSS5.8AI score0.00783EPSS
Exploits0References3
Rows per page
Query Builder