6 matches found
PYSEC-2026-368 Keras framework vulnerable to deserialization of untrusted data
Deserialization of untrusted data can occur in versions of the Keras framework running versions 3.11.0 up to but not including 3.11.3, enabling a maliciously uploaded Keras file containing a TorchModuleWrapper class to run arbitrary code on an end user’s system when loaded despite safe mode being...
EUVD-2026-36427
Nuxt: Route-rule middleware bypass via case-sensitivity mismatch between vue-router and the routeRules matcher...
CVE-2026-40258
The Gramps Web API is a Python REST API for the genealogical research software Gramps. Versions 1.6.0 through 3.11.0 have a path traversal vulnerability Zip Slip in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with...
Keras framework vulnerable to deserialization of untrusted data
Deserialization of untrusted data can occur in versions of the Keras framework running versions 3.11.0 up to but not including 3.11.3, enabling a maliciously uploaded Keras file containing a TorchModuleWrapper class to run arbitrary code on an end user’s system when loaded despite safe mode being...
PT-2023-31332 · Appmysite · Appmysite
Name of the Vulnerable Software and Affected Versions: AppMySite – Create an app with the Best Mobile App Builder versions n/a through 3.11.0 Description: The issue is related to the exposure of sensitive information to an unauthorized actor. This is a problem where sensitive data is made...
CVE-2022-36881
Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks...