37 matches found
CVE-2025-27780
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in model_information.py. model_name in model_information.py takes user-supplied input (e.g. a path to a model) and passes that value to the run_model_information_script and later to model_information...
CVE-2025-27780
creationtimestamp | type | source
---|---|---
2025-03-19 22:01:14+00:00 | published-proof-of-concept | Telegram/jlMT5pQePgK5GBSq5wMoupEVU9UT7ofYY1WgfO6aSFHSaLY
2025-03-19 23:00:34+00:00 | seen | https://t.me/cvedetector/20681
2025-03-20 00:49:02+00:00 | seen | ...
CVE-2025-27780
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in model_information.py. model_name in model_information.py takes user-supplied input (e.g. a path to a model) and passes that value to the run_model_information_script and later to model_information...
CVE-2025-27780 Applio allows unsafe deserialization in model_information.py
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in model_information.py. model_name in model_information.py takes user-supplied input (e.g. a path to a model) and passes that value to the run_model_information_script and later to model_information...
CVE-2025-27780 Applio allows unsafe deserialization in model_information.py
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in model_information.py. model_name in model_information.py takes user-supplied input (e.g. a path to a model) and passes that value to the run_model_information_script and later to model_information...
CVE-2025-27780
Summary: CVE-2025-27780 affects Applio (versions ≤ 3.2.8-bugfix). It stems from unsafe deserialization in model_information.py where model_name accepts user-supplied input and is passed to torch.load, enabling remote code execution. Impact: remote code execution potential. Status/Remediation: a p...
CVE-2024-27780
Multiple Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabilities (CWE-79) in the FortiSIEM 7.1 all versions, 7.0 all versions, 6.7 all versions incident page may allow an authenticated attacker to perform a cross-site scripting attack via crafted HTTP requests...
CVE-2024-27780
Multiple Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabilities (CWE-79) in the FortiSIEM 7.1 all versions, 7.0 all versions, 6.7 all versions incident page may allow an authenticated attacker to perform a cross-site scripting attack via crafted HTTP requests...
CVE-2024-27780
Multiple Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabilities (CWE-79) in the FortiSIEM 7.1 all versions, 7.0 all versions, 6.7 all versions incident page may allow an authenticated attacker to perform a cross-site scripting attack via crafted HTTP requests...
Photon OS 3.0: Curl PHSA-2022-3.0-0406
An update of the curl package has been released. #%NASL_MIN_LEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2022-3.0-0406. The text itself is copyright (C) VMware, Inc. include('compat.inc'); if (description)...
Photon OS 4.0: Curl PHSA-2022-4.0-0205
An update of the curl package has been released. #%NASL_MIN_LEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2022-4.0-0205. The text itself is copyright (C) VMware, Inc. include('compat.inc'); if (description)...
BELL-CVE-2020-27780 CVE-2020-27780 does not affect BellSoft software
Bulletin has no description...
USN-5412-1: curl vulnerabilities | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 18.04, Canonical Ubuntu 22.04. Description: Axel Chong discovered that curl incorrectly handled percent-encoded URL separators. A remote attacker could possibly use this issue to trick curl into using the wrong URL and bypass...
Amazon Linux 2022 : curl, curl-minimal, libcurl (ALAS2022-2022-065)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-065 advisory. A vulnerability was found in curl. This security flaw allows reusing OAUTH2-authenticated connections without properly ensuring that the connection was authenticated with the same credentials s...
CVE-2022-27780 affecting package curl 7.76.0-9
CVE-2022-27780 affecting package curl 7.76.0-9. This CVE either no longer is or was never applicable...
CVE-2022-27780 affecting package curl for versions less than 7.83.1-1
CVE-2022-27780 affecting package curl for versions less than 7.83.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2022-27780
CVE-2022-27780 affects curl: the URL parser can wrongly decode percent-encoded separators in the host portion, causing a URL like http://example.com%2F127.0.0.1/ to be interpreted as http://example.com/127.0.0.1/, potentially bypassing filters. Affected software is curl (core library). The flaw’s...
CVE-2022-27780
The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host name part of a URL, making it a different URL using the wrong host name when it is later retrieved. For example, a URL like http://example.com%2F127.0.0.1/, would be allowed by the parser and get...
CVE-2021-27780
The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment...
CVE-2021-27780 HCL BigFix Mobile / Modern Client Management is vulnerable to unauthenticated XML interaction
The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment...