Lucene search
K

110 matches found

OSV
OSV
added 2025/03/19 8:22 p.m.6 views

CVE-2025-27781 Applio allows unsafe deserialization in inference.py

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in inference.py. modelfile in inference.py as well as modelfile in tts.py take user-supplied input e.g. a path to a model and pass that value to the changechoices and later to getspeakersid...

9.3CVSS8AI score0.00845EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/03/19 8:16 p.m.13 views

CVE-2025-27780 Applio allows unsafe deserialization in model_information.py

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in modelinformation.py. modelname in modelinformation.py takes user-supplied input e.g. a path to a model and pass that value to the runmodelinformationscript and later to modelinformation...

9.3CVSS0.00845EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/03/19 8:16 p.m.6 views

CVE-2025-27780 Applio allows unsafe deserialization in model_information.py

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in modelinformation.py. modelname in modelinformation.py takes user-supplied input e.g. a path to a model and pass that value to the runmodelinformationscript and later to modelinformation...

9.3CVSS7.4AI score0.00845EPSS
Exploits0References4
CVE
CVE
added 2025/03/19 8:16 p.m.60 views

CVE-2025-27780

Summary: CVE-2025-27780 affects Applio (versions ≤ 3.2.8-bugfix). It stems from unsafe deserialization in model_information.py where model_name accepts user-supplied input and is passed to torch.load, enabling remote code execution. Impact: remote code execution potential. Status/Remediation: a p...

9.8CVSS7.5AI score0.00845EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/03/19 8:16 p.m.6 views

CVE-2025-27780 Applio allows unsafe deserialization in model_information.py

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in modelinformation.py. modelname in modelinformation.py takes user-supplied input e.g. a path to a model and pass that value to the runmodelinformationscript and later to modelinformation...

9.3CVSS8AI score0.00845EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/03/19 12:0 a.m.3 views

Applio 注入漏洞

Applio is an open source AI speech conversion tool from Spanish AI Hispano. An injection vulnerability exists in Applio 3.2.8-bugfix and earlier versions, which stems from a denial of service issue in restart.py, where the modelname parameter of train.py accepts user input and passes it to the...

8.8CVSS7AI score0.00744EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/03/19 12:0 a.m.4 views

PT-2025-11976 · Applio · Applio

Name of the Vulnerable Software and Affected Versions: Applio versions 3.2.7 and prior Description: Applio is a voice conversion tool. It is susceptible to server-side request forgery SSRF and file write vulnerabilities in model download.py line 156 in version 3.2.7. The blind SSRF allows sending...

9.3CVSS7.3AI score0.00531EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2025/03/19 12:0 a.m.5 views

PT-2025-11980 · Applio · Applio

Name of the Vulnerable Software and Affected Versions: Applio versions 3.2.8-bugfix and prior Description: Applio is a voice conversion tool vulnerable to unsafe deserialization in infer.py. This issue can lead to remote code execution. A fix was available on the main branch of the Applio...

9.8CVSS7.2AI score0.00896EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2025/03/19 12:0 a.m.4 views

PT-2025-11979 · Applio · Applio

Name of the Vulnerable Software and Affected Versions: Applio versions 3.2.7 and prior Description: Applio is a voice conversion tool. The issue allows for server-side request forgery SSRF in model download.py, which can be leveraged to probe for other vulnerabilities on the server itself or on...

8.7CVSS6.5AI score0.00394EPSS
Exploits0References12
CNNVD
CNNVD
added 2025/03/19 12:0 a.m.3 views

Applio 路径遍历漏洞

Applio is an open source AI speech conversion tool from Spanish AI Hispano. A path traversal vulnerability exists in Applio 3.2.8-bugfix and prior versions, which stems from an arbitrary file write issue in inference.py, and could lead to the writing of an arbitrary file on the Applio server, or ...

9.8CVSS8AI score0.013EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/03/19 12:0 a.m.5 views

Applio 代码问题漏洞

Applio is an open source AI voice conversion tool from Spanish AI Hispano. A code issue vulnerability exists in Applio 3.2.8-bugfix and earlier versions, which stems from an insecure deserialization issue in inference.py that could lead to remote code execution...

9.8CVSS7.8AI score0.00845EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/03/19 12:0 a.m.4 views

PT-2025-11977 · Applio · Applio

Name of the Vulnerable Software and Affected Versions: Applio versions 3.2.7 and prior Description: Applio is a voice conversion tool vulnerable to server-side request forgery SSRF and file write within the model download.py file line 143 in version 3.2.7. The SSRF allows sending requests on beha...

9.3CVSS7.3AI score0.00531EPSS
Exploits0References12
CNNVD
CNNVD
added 2025/03/19 12:0 a.m.5 views

Applio 信息泄露漏洞

Applio is an open source AI speech conversion tool from Spanish AI Hispano. An information disclosure vulnerability exists in Applio 3.2.8-bugfix and prior versions, which stems from an arbitrary file read issue in the exportpth function of train.py, which could lead to reading arbitrary files on...

8.7CVSS6AI score0.00525EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/03/19 12:0 a.m.5 views

Applio 代码问题漏洞

Applio is an open source AI voice conversion tool from Spanish AI Hispano. A code issue vulnerability exists in Applio 3.2.7 and earlier versions, which stems from a server-side request forgery and file write issue in modeldownload.py, which could lead an attacker to send a request on behalf of t...

9.3CVSS7AI score0.00531EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/03/19 12:0 a.m.4 views

Applio 代码问题漏洞

Applio is an open source AI voice conversion tool from Spanish AI Hispano. A code issue vulnerability exists in Applio 3.2.8-bugfix and prior versions, which stems from an insecure deserialization issue in infer.py that could lead to remote code execution...

9.8CVSS7.8AI score0.00896EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/19 12:0 a.m.3 views

Applio 代码问题漏洞

Applio is an open source AI voice conversion tool from Spanish AI Hispano. A code issue vulnerability exists in Applio 3.2.7 and earlier versions, which stems from a server-side request forgery and file write issue in modeldownload.py, and could lead to an attacker sending requests on behalf of t...

9.3CVSS8AI score0.00531EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/03/19 12:0 a.m.4 views

Applio 代码问题漏洞

Applio is an open source AI voice conversion tool from Spanish AI Hispano. A code issue vulnerability exists in Applio 3.2.7 and earlier versions, which stems from a server-side request forgery and file write issue in modeldownload.py, which could lead an attacker to send a request on behalf of t...

9.3CVSS7AI score0.00531EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/03/19 12:0 a.m.5 views

Applio 代码问题漏洞

Applio is an open source AI speech conversion tool from Spanish AI Hispano. A code issue vulnerability exists in Applio 3.2.8-bugfix and prior versions, which stems from an insecure deserialization issue in modelinformation.py that could lead to remote code execution...

9.8CVSS7.8AI score0.00845EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/03/19 12:0 a.m.5 views

Applio 路径遍历漏洞

Applio is an open source AI speech conversion tool from Spanish AI Hispano. A path traversal vulnerability exists in Applio 3.2.8-bugfix and prior versions, which stems from an arbitrary file write issue in train.py, and could lead to the writing of arbitrary files on the Applio server, or in...

9.8CVSS8AI score0.00995EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/03/19 12:0 a.m.5 views

PT-2025-11965 · Applio +1 · Applio +1

Name of the Vulnerable Software and Affected Versions: Applio versions 3.2.8-bugfix and prior Description: Applio is a voice conversion tool. The issue concerns unsafe deserialization in the tool, specifically in the inference.py file. The model file variable in both inference.py and tts.py takes...

9.8CVSS6.9AI score0.00845EPSS
Exploits0References13
Rows per page
Query Builder