CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

30 matches found

RedhatCVE•added 2026/05/12 8:21 p.m.•11 views

CVE-2026-31249

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its makeparquetlist.py data processing tool. The script loads PyTorch .pt files utterance embeddings, speaker embeddings, speech tokens using torch.load without...

7.3CVSS6.1AI score0.0021EPSS

Exploits0References1

RedhatCVE•added 2026/05/12 8:21 p.m.•8 views

CVE-2026-31250

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its averagemodel.py model averaging tool. The script loads PyTorch checkpoint files epoch.pt for model averaging using torch.load without enabling the...

7.3CVSS6.1AI score0.00222EPSS

Exploits0References1

RedhatCVE•added 2026/05/12 8:21 p.m.•7 views

CVE-2026-31252

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its model loading component. The framework uses torch.load to load model weight files e.g., llm.pt, flow.pt, hift.pt without enabling the security-restrictive...

5.7CVSS6.1AI score0.00112EPSS

Exploits0References1

EUVD•added 2026/05/12 6:30 p.m.•8 views

EUVD-2026-29555

The CosyVoice project thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its model loading process. When loading model files .pt from a user-specified directory via the --modeldir argument, the code uses torch.load without...

6.5AI score0.00458EPSS

Exploits0References3

NVD•added 2026/05/12 6:16 p.m.•6 views

CVE-2026-31232

8.8CVSS0.00458EPSS

Exploits0References2

Positive Technologies•added 2026/05/12 12:0 a.m.•8 views

PT-2026-40119

6.5AI score0.00458EPSS

Exploits0References3

CNNVD•added 2026/05/12 12:0 a.m.•6 views

CosyVoice 安全漏洞

CosyVoice is an open-source voice generation and AI voice cloning platform developed by FunAudioLLM. CosyVoice has a security vulnerability. This vulnerability arises from the model loading process, where the .pt files in the user-specified directory are loaded using torch.load, without enabling...

8.8CVSS6.1AI score0.00458EPSS

Exploits0References2

Cvelist•added 2026/05/12 12:0 a.m.•34 views

CVE-2026-31232

0.00458EPSS

Exploits0References2

CVE•added 2026/05/12 12:0 a.m.•8 views

CVE-2026-31232

CVE-2026-31232 affects the CosyVoice project; insecure deserialization (CWE-502) in model loading via --model_dir allows loading .pt files with pickle payloads. torch.load() is called without weights_only=True, enabling arbitrary Python object deserialization and remote code execution when a vict...

8.8CVSS6.5AI score0.00458EPSS

Exploits0References2

EUVD•added 2026/05/11 6:31 p.m.•7 views

EUVD-2026-29099

6.1AI score0.00112EPSS

Exploits0References3

NVD•added 2026/05/11 5:16 p.m.•8 views

CVE-2026-31252

5.7CVSS0.00112EPSS

Exploits0References2

NVD•added 2026/05/11 5:16 p.m.•10 views

CVE-2026-31250

7.3CVSS0.00222EPSS

Exploits0References2

CVE•added 2026/05/11 12:0 a.m.•9 views

CVE-2026-31251

CVE-2026-31251 affects CosyVoice’s gRPC server component. During startup, the server loads the speech synthesis model from a user-specified directory via torch.load() without enabling the weights_only=True security parameter, enabling the pickle-based deserialization of arbitrary Python objects. ...

7.3CVSS6.1AI score0.00218EPSS

Exploits0References2

ATTACKERKB•added 2026/05/11 12:0 a.m.•5 views

CVE-2026-31250

6.1AI score0.00222EPSS

Exploits0References3

CNNVD•added 2026/05/11 12:0 a.m.•6 views

CosyVoice 安全漏洞

CosyVoice is an open-source voice generation and AI voice cloning platform developed by FunAudioLLM. CosyVoice has a security vulnerability, which stems from the gRPC server component using torch.load to load the voice synthesis model without enabling the weights-only=True security parameter. Thi...

7.3CVSS6.2AI score0.00218EPSS

Exploits0References2

CVE•added 2026/05/11 12:0 a.m.•22 views

CVE-2026-31249

CosyVoice contains an insecure deserialization vulnerability (CWE-502) in its data processing tool make_parquet_list.py. The script loads PyTorch .pt files (utterance embeddings, speaker embeddings, speech tokens) with torch.load() without enabling weights_only=True, allowing the deserialization ...

7.3CVSS6.1AI score0.0021EPSS

Exploits0References2

Cvelist•added 2026/05/11 12:0 a.m.•27 views

CVE-2026-31250

0.00222EPSS

Exploits0References2

CVE•added 2026/05/11 12:0 a.m.•13 views

CVE-2026-31252

CosyVoice Web UI vulnerability (CVE-2026-31252) arises from insecure deserialization (CWE-502) in the model loading component. The framework loads model weight files (e.g., llm.pt, flow.pt, hift.pt) with torch.load() without enabling weights_only=True, permitting arbitrary Python object deseriali...

5.7CVSS6.1AI score0.00112EPSS

Exploits0References2

CNNVD•added 2026/05/11 12:0 a.m.•6 views

CosyVoice 安全漏洞

CosyVoice is an open-source voice generation and AI voice cloning platform developed by FunAudioLLM. There was a security vulnerability in the previous version of CosyVoice, which stemmed from the data processing tool makeparquetlist.py using torch.load to load .pt files without enabling the...

7.3CVSS6.2AI score0.0021EPSS

Exploits0References2

CNNVD•added 2026/05/11 12:0 a.m.•6 views

CosyVoice 安全漏洞

CosyVoice is an open-source voice generation and AI voice cloning platform developed by FunAudioLLM. There was a security vulnerability in the previous version of CosyVoice. This vulnerability stemmed from the model loading component using torch.load to load model weight files without enabling th...

5.7CVSS6.2AI score0.00112EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by