337 matches found

Cvelist
added 2025/03/19 8:42 p.m. (29 views)

CVE-2025-27774 Applio allows SSRF and file write in model_download.py

Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery (SSRF) and file write in model_download.py (line 156 in 3.2.7). The blind SSRF allows for sending requests on behalf of Applio server and can be leveraged to probe for other vulnerabilities on the...

9.3 CVSS, 0.00531 EPSS
Exploits: 0, References: 5
CVE
added 2025/03/19 8:42 p.m. (89 views)

CVE-2025-27774

CVE-2025-27774 affects Applio (versions 3.2.7 and prior) with a server-side request forgery (SSRF) vulnerability and a file write flaw in model_download.py. The blind SSRF lets the Applio server issue requests on its own behalf to internal networks and back-end systems reachable from the server, ...

9.3 CVSS, 7.5 AI score, 0.00531 EPSS
Exploits: 0, References: 5, Affected Software: 1
Vulnrichment
added 2025/03/19 8:42 p.m. (8 views)

CVE-2025-27774 Applio allows SSRF and file write in model_download.py

Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery (SSRF) and file write in model_download.py (line 156 in 3.2.7). The blind SSRF allows for sending requests on behalf of Applio server and can be leveraged to probe for other vulnerabilities on the...

9.3 CVSS, 7.5 AI score, 0.00531 EPSS
Exploits: 0, References: 5
CVE
added 2025/03/19 8:42 p.m. (65 views)

CVE-2025-27775

CVE-2025-27775 affects Applio (voice conversion tool), versions 3.2.7 and earlier. The vulnerability is a server-side request forgery (SSRF) and a file write in model_download.py (line 143 in 3.2.7). The blind SSRF enables the Applio server to issue requests on its behalf to internal or reacha...

9.3 CVSS, 7.7 AI score, 0.00531 EPSS
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2025/03/19 8:42 p.m. (2 views)

CVE-2025-27775 Applio allows SSRF and file write in model_download.py

Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery (SSRF) and file write in model_download.py (line 143 in 3.2.7). The blind SSRF allows for sending requests on behalf of Applio server and can be leveraged to probe for other vulnerabilities on the...

9.3 CVSS, 8.2 AI score, 0.00531 EPSS
Exploits: 0, References: 7
Positive Technologies
added 2025/03/19 12:0 a.m. (6 views)

PT-2025-11978 · Applio · Applio

Name of the Vulnerable Software and Affected Versions: Applio versions 3.2.7 and prior. Description: Applio is a voice conversion tool that is vulnerable to server-side request forgery (SSRF) and file write in model_download.py. The blind SSRF allows for sending requests on behalf of the Applio serv...

9.3 CVSS, 7.4 AI score, 0.00531 EPSS
Exploits: 0, References: 12
RedhatCVE
added 2025/03/01 12:28 a.m. (11 views)

CVE-2025-25761

HkCms v2.3.2.240702 was discovered to contain an arbitrary file write vulnerability in the component Appcenter.php...

7.2 CVSS, 7.4 AI score, 0.00391 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/02/23 1:28 a.m. (12 views)

CVE-2024-38657

External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to write arbitrary files...

9.1 CVSS, 6.9 AI score, 0.01259 EPSS
Exploits: 0
NVD
added 2025/02/21 6:16 p.m. (8 views)

CVE-2025-25765

MRCMS v3.1.2 was discovered to contain an arbitrary file write vulnerability via the component /file/save.do...

4 CVSS, 0.00179 EPSS
Exploits: 1, References: 1
Cvelist
added 2025/02/13 6:25 a.m. (8 views)

CVE-2024-47265

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in encrypted share umount functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users to write specific files via unspecified vector...

6.5 CVSS, 0.00365 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2025/02/10 6:53 p.m. (5 views)

CVE-2024-13059 Path Traversal in mintplex-labs/anything-llm

A vulnerability in mintplex-labs/anything-llm prior to version 1.3.1 allows for path traversal due to improper handling of non-ASCII filenames in the multer library. This vulnerability can lead to arbitrary file write, which can subsequently result in remote code execution. The issue arises when...

7.2 CVSS, 7.5 AI score, 0.19777 EPSS
Exploits: 1, References: 2
RedhatCVE
added 2025/02/04 11:16 p.m. (5 views)

CVE-2024-39907

1Panel is a web-based Linux server management control panel. There are many SQL injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. These SQL injections have been resolved in version 1.10.12-tls. Users are advised to...

9.8 CVSS, 7 AI score, 0.29396 EPSS
Exploits: 1
CVE
added 2025/01/30 8:17 p.m. (49 views)

CVE-2025-0573

CVE-2025-0573 concerns the Sante PACS Server, where the vulnerability lies in the DCM file parsing that fails to validate a user-supplied path before file operations. This directory traversal can allow an unauthenticated, remote attacker to write arbitrary files on the server, running with the cu...

5.3 CVSS, 5.3 AI score, 0.01749 EPSS
Exploits: 0, References: 1, Affected Software: 1
Zero Science Lab
added 2025/01/03 12:0 a.m. (596 views)

ABB Cylon Aspect 3.08.03 (webServerDeviceLabelUpdate.php) File Write DoS

Summary: ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description: The ABB Cylon Aspect BMS/BAS controller suffers from an authenticated...

5.9 AI score
Exploits: 0
NVD
added 2024/12/13 6:15 a.m. (16 views)

CVE-2024-11833

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PlexTrac allows arbitrary file writes. This issue affects PlexTrac: from 1.61.3 before 2.8.1...

9.1 CVSS, 0.00488 EPSS
Exploits: 0, References: 1
NVD
added 2024/11/18 8:15 p.m. (19 views)

CVE-2024-51743

MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability in the update/upload/create file methods in Controllers allows authenticated instructors to write arbitrary files to any location on the web server...

8.8 CVSS, 0.00723 EPSS
Exploits: 0, References: 2
OpenVAS
added 2024/11/12 12:0 a.m. (4 views)

Synology DiskStation Manager (DSM) File Write Vulnerability (Synology-SA-24:20) - Remote Known Vulnerable Versions Check

Synology DiskStation Manager (DSM) is prone to a file write vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

5.3 CVSS, 6.6 AI score, 0.00352 EPSS
Exploits: 0, References: 1
OpenVAS
added 2024/11/12 12:0 a.m. (5 views)

Synology DiskStation Manager (DSM) File Write Vulnerability (Synology-SA-24:20) - Unreliable Remote Version Check

Synology DiskStation Manager (DSM) is prone to a file write vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

5.3 CVSS, 6.6 AI score, 0.00352 EPSS
Exploits: 0, References: 1
Debian
added 2024/09/09 6:48 p.m. (26 views)

[SECURITY] [DLA 3884-1] cacti security update

Debian LTS Advisory DLA-3884-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès September 09, 2024 https://wiki.debian.org/LTS -...

9.1 CVSS, 8 AI score, 0.86303 EPSS
Exploits: 25
Packet Storm
added 2024/09/01 12:0 a.m. (429 views)

Microsoft Exchange ProxyLogon Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework begin auxiliary class class MetasploitModule 'Microsoft Exchange ProxyLogon Scanner', 'Description' = %q This module scan for a vulnerability on Microsoft Exchange Serve...

9.8 CVSS, 7.6 AI score, 0.99999 EPSS
Exploits: 65