5 matches found
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses keras-3.10.0-py3-none-any.whl, keras-2.14.0-py3-none-any.whl which are vulnerable to CVE-2025-12058, CVE-2025-12060, CVE-2025-9905, CVE-2025-9906.
Summary IBM Maximo Application Suite - Monitor Component uses keras-3.10.0-py3-none-any.whl, keras-2.14.0-py3-none-any.whl which are vulnerable to CVE-2025-12058, CVE-2025-12060, CVE-2025-9905, CVE-2025-9906. This bulletin contains information regarding the vulnerability and its fixture...
Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs.
Summary IBM Maximo Application Suite uses "tomcat-embed-core-10.1.46.jar, js-yaml-4.1.0.tgz, keras-2.14.0-py3-none-any.whl, logback-core-1.5.18.jar, werkzeug-3.0.6-py3-none-any.whl" which are vulnerable to "CVE-2025-61795, CVE-2025-64718, CVE-2025-12058, CVE-2025-11226, CVE-2025-66221". This...
CVE-2025-12058
creationtimestamp| type| source ---|---|--- 2025-10-29 10:26:17+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m4dac2nodb2d 2025-11-04 20:06:29+00:00| seen| https://bsky.app/profile/pigondrugs.bsky.social/post/3m4tdj2lzf72o 2025-11-07 14:42:37+00:00| seen|...
a2grunnerp (>=0.1.0 <=0.1.8), a62-emotion (>=0.9.2 <=0.11.4) +1265 more potentially affected by CVE-2025-12058 via keras (>=1.2.1 <=3.11.3)
keras PYPI version =1.2.1, =0.1.0, =0.9.2, =1.0.1, =0.1.0, =1.1.2, =0.0.8, =0.0.1, =7.13.1, =0.0.1, =0.0.2 and more Source cves: CVE-2025-12058 Source advisory: OSV:GHSA-MQ84-HJQX-CWF2...
CVE-2025-12058
The Keras.Model.loadmodel method, including when executed with the intended security mitigation safemode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery SSRF. This vulnerability stems from the way the StringLookup layer is handled during model loading from a...