Lucene search
+L

5 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 5:35 a.m.12 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses keras-3.10.0-py3-none-any.whl, keras-2.14.0-py3-none-any.whl which are vulnerable to CVE-2025-12058, CVE-2025-12060, CVE-2025-9905, CVE-2025-9906.

Summary IBM Maximo Application Suite - Monitor Component uses keras-3.10.0-py3-none-any.whl, keras-2.14.0-py3-none-any.whl which are vulnerable to CVE-2025-12058, CVE-2025-12060, CVE-2025-9905, CVE-2025-9906. This bulletin contains information regarding the vulnerability and its fixture...

8.9CVSS6.1AI score0.00593EPSS
Exploits1Affected Software1
vulnersOsv
vulnersOsv
added 2025/12/02 12:58 a.m.6 views

a2grunnerp (>=0.1.0 <=0.1.8), a62-emotion (>=0.9.2 <=0.11.4) +1265 more potentially affected by CVE-2025-12060 +1 more via keras (>=1.2.1 <=3.11.3)

keras PYPI version =1.2.1, =0.1.0, =0.9.2, =1.0.1, =0.1.0, =1.1.2, =0.0.8, =0.0.1, =7.13.1, =0.0.1, =0.0.2 and more Source cves: CVE-2025-12060, CVE-2025-12638 Source advisory: OSV:GHSA-HJQC-JX6G-RWP9...

8.9CVSS7.4AI score0.00593EPSS
Exploits0
Chainguard
Chainguard
added 2025/11/04 1:23 a.m.15 views

CVE-2025-12060 vulnerabilities

Vulnerabilities for packages: tensorflow-gpu-jupyter, kubeflow-pipelines-visualization-server, tensorflow-cpu-jupyter...

8.9CVSS6.2AI score0.00593EPSS
Exploits0
OSV
OSV
added 2025/10/30 5:15 p.m.4 views

DEBIAN-CVE-2025-12060

The keras.utils.getfile API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can craft a malicious tar archive containing special...

8.9CVSS8AI score0.00593EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2025/10/30 5:15 p.m.6 views

CVE-2025-12060

The keras.utils.getfile API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can craft a malicious tar archive containing special...

8.9CVSS7.2AI score0.00593EPSS
Exploits0References3
Rows per page
Query Builder