110 matches found
CVE-2025-27781 Applio allows unsafe deserialization in inference.py
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in inference.py. modelfile in inference.py as well as modelfile in tts.py take user-supplied input e.g. a path to a model and pass that value to the changechoices and later to getspeakersid...
CVE-2025-27780 Applio allows unsafe deserialization in model_information.py
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in modelinformation.py. modelname in modelinformation.py takes user-supplied input e.g. a path to a model and pass that value to the runmodelinformationscript and later to modelinformation...
CVE-2025-27780 Applio allows unsafe deserialization in model_information.py
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in modelinformation.py. modelname in modelinformation.py takes user-supplied input e.g. a path to a model and pass that value to the runmodelinformationscript and later to modelinformation...
CVE-2025-27780
Summary: CVE-2025-27780 affects Applio (versions ≤ 3.2.8-bugfix). It stems from unsafe deserialization in model_information.py where model_name accepts user-supplied input and is passed to torch.load, enabling remote code execution. Impact: remote code execution potential. Status/Remediation: a p...
CVE-2025-27780 Applio allows unsafe deserialization in model_information.py
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in modelinformation.py. modelname in modelinformation.py takes user-supplied input e.g. a path to a model and pass that value to the runmodelinformationscript and later to modelinformation...
Applio 注入漏洞
Applio is an open source AI speech conversion tool from Spanish AI Hispano. An injection vulnerability exists in Applio 3.2.8-bugfix and earlier versions, which stems from a denial of service issue in restart.py, where the modelname parameter of train.py accepts user input and passes it to the...
PT-2025-11976 · Applio · Applio
Name of the Vulnerable Software and Affected Versions: Applio versions 3.2.7 and prior Description: Applio is a voice conversion tool. It is susceptible to server-side request forgery SSRF and file write vulnerabilities in model download.py line 156 in version 3.2.7. The blind SSRF allows sending...
PT-2025-11980 · Applio · Applio
Name of the Vulnerable Software and Affected Versions: Applio versions 3.2.8-bugfix and prior Description: Applio is a voice conversion tool vulnerable to unsafe deserialization in infer.py. This issue can lead to remote code execution. A fix was available on the main branch of the Applio...
PT-2025-11979 · Applio · Applio
Name of the Vulnerable Software and Affected Versions: Applio versions 3.2.7 and prior Description: Applio is a voice conversion tool. The issue allows for server-side request forgery SSRF in model download.py, which can be leveraged to probe for other vulnerabilities on the server itself or on...
Applio 路径遍历漏洞
Applio is an open source AI speech conversion tool from Spanish AI Hispano. A path traversal vulnerability exists in Applio 3.2.8-bugfix and prior versions, which stems from an arbitrary file write issue in inference.py, and could lead to the writing of an arbitrary file on the Applio server, or ...
Applio 代码问题漏洞
Applio is an open source AI voice conversion tool from Spanish AI Hispano. A code issue vulnerability exists in Applio 3.2.8-bugfix and earlier versions, which stems from an insecure deserialization issue in inference.py that could lead to remote code execution...
PT-2025-11977 · Applio · Applio
Name of the Vulnerable Software and Affected Versions: Applio versions 3.2.7 and prior Description: Applio is a voice conversion tool vulnerable to server-side request forgery SSRF and file write within the model download.py file line 143 in version 3.2.7. The SSRF allows sending requests on beha...
Applio 信息泄露漏洞
Applio is an open source AI speech conversion tool from Spanish AI Hispano. An information disclosure vulnerability exists in Applio 3.2.8-bugfix and prior versions, which stems from an arbitrary file read issue in the exportpth function of train.py, which could lead to reading arbitrary files on...
Applio 代码问题漏洞
Applio is an open source AI voice conversion tool from Spanish AI Hispano. A code issue vulnerability exists in Applio 3.2.7 and earlier versions, which stems from a server-side request forgery and file write issue in modeldownload.py, which could lead an attacker to send a request on behalf of t...
Applio 代码问题漏洞
Applio is an open source AI voice conversion tool from Spanish AI Hispano. A code issue vulnerability exists in Applio 3.2.8-bugfix and prior versions, which stems from an insecure deserialization issue in infer.py that could lead to remote code execution...
Applio 代码问题漏洞
Applio is an open source AI voice conversion tool from Spanish AI Hispano. A code issue vulnerability exists in Applio 3.2.7 and earlier versions, which stems from a server-side request forgery and file write issue in modeldownload.py, and could lead to an attacker sending requests on behalf of t...
Applio 代码问题漏洞
Applio is an open source AI voice conversion tool from Spanish AI Hispano. A code issue vulnerability exists in Applio 3.2.7 and earlier versions, which stems from a server-side request forgery and file write issue in modeldownload.py, which could lead an attacker to send a request on behalf of t...
Applio 代码问题漏洞
Applio is an open source AI speech conversion tool from Spanish AI Hispano. A code issue vulnerability exists in Applio 3.2.8-bugfix and prior versions, which stems from an insecure deserialization issue in modelinformation.py that could lead to remote code execution...
Applio 路径遍历漏洞
Applio is an open source AI speech conversion tool from Spanish AI Hispano. A path traversal vulnerability exists in Applio 3.2.8-bugfix and prior versions, which stems from an arbitrary file write issue in train.py, and could lead to the writing of arbitrary files on the Applio server, or in...
PT-2025-11965 · Applio +1 · Applio +1
Name of the Vulnerable Software and Affected Versions: Applio versions 3.2.8-bugfix and prior Description: Applio is a voice conversion tool. The issue concerns unsafe deserialization in the tool, specifically in the inference.py file. The model file variable in both inference.py and tts.py takes...