4 matches found
Keras Has A Local File Disclosure Via HDF5 External Storage During Keras Weight Loading
Summary TensorFlow / Keras continues to honor HDF5 “external storage” and "ExternalLink" features when loading weights. A malicious ".weights.h5" or a ".keras" archive embedding such weights can direct "loadweights" to read from an arbitrary readable filesystem path. The bytes pulled from that pa...
CVE-2024-30186
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BdThemes Prime Slider – Addons For Elementor allows Stored XSS.This issue affects Prime Slider – Addons For Elementor: from n/a through 3.13.1...
UBUNTU-CVE-2024-46958
In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files between the server and client may become world writable or world readable. This is fixed in 3.13.4...
Bludit 跨站脚本漏洞
Bludit is an open source lightweight blog content management system CMS. cross-site scripting vulnerability exists in Bludit 3.13.1 and prior versions, which stems from a lack of effective filtering and escaping in the About plugin of the software's login panel, leading to a stored cross-site...