7274 matches found
CVE-2025-27782 Applio allows arbitrary file write in inference.py
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file write in inference.py. This issue may lead to writing arbitrary files on the Applio server. It can also be used in conjunction with an unsafe deserialization to achieve remote code execution. As of...
CVE-2025-27783 Applio allows arbitrary file write in train.py
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file write in train.py. This issue may lead to writing arbitrary files on the Applio server. It can also be used in conjunction with an unsafe deserialization to achieve remote code execution. As of tim...
CVE-2025-27783
The CVE-2025-27783 entry concerns Applio (voice conversion tool). Affected versions: 3.2.8-bugfix and prior. Root cause: arbitrary file write in train.py, which can write files on the Applio server and, when combined with unsafe deserialization, may enable remote code execution. As of publication...
CVE-2025-27787 Applio allows a DoS in restart.py
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to denial of service (DoS) in restart.py. modelname in train.py takes user input and passes it to the stoptrain function in restart.py, which uses it to construct a path to a folder with config.json. That config.json is...
Exploit for Out-of-bounds Write in Gibbonedu Gibbon
CVE-2023-45878 GibbonEdu Gibbon Exploit version 25.0.1 Gi...
PT-2025-11976 · Applio · Applio
Name of the Vulnerable Software and Affected Versions: Applio versions 3.2.7 and prior. Description: Applio is a voice conversion tool. It is susceptible to server-side request forgery (SSRF) and file write vulnerabilities in model download.py line 156 in version 3.2.7. The blind SSRF allows sending...
PT-2025-11977 · Applio · Applio
Name of the Vulnerable Software and Affected Versions: Applio versions 3.2.7 and prior. Description: Applio is a voice conversion tool vulnerable to server-side request forgery (SSRF) and file write within the model download.py file line 143 in version 3.2.7. The SSRF allows sending requests on beha...
Applio code issue vulnerability
Applio is an open source AI voice conversion tool from Spanish AI Hispano. A code issue vulnerability exists in Applio 3.2.7 and earlier versions, which stems from a server-side request forgery and file write issue in modeldownload.py, and could lead to an attacker sending requests on behalf of t...
Applio path traversal vulnerability
Applio is an open source AI speech conversion tool from Spanish AI Hispano. A path traversal vulnerability exists in Applio 3.2.8-bugfix and prior versions, which stems from an arbitrary file write issue in train.py, and could lead to the writing of arbitrary files on the Applio server, or in...
Applio path traversal vulnerability
Applio is an open source AI speech conversion tool from Spanish AI Hispano. A path traversal vulnerability exists in Applio 3.2.8-bugfix and prior versions, which stems from an arbitrary file write issue in inference.py, and could lead to the writing of an arbitrary file on the Applio server, or ...
PT-2025-11978 · Applio · Applio
Name of the Vulnerable Software and Affected Versions: Applio versions 3.2.7 and prior. Description: Applio is a voice conversion tool that is vulnerable to server-side request forgery (SSRF) and file write in model download.py. The blind SSRF allows for sending requests on behalf of the Applio serv...
PT-2025-11983 · Applio · Applio
Name of the Vulnerable Software and Affected Versions: Applio versions 3.2.8-bugfix and prior. Description: The issue affects a voice conversion tool, allowing for arbitrary file write in the train.py file. This can lead to writing arbitrary files on the server and potentially achieve remote code...
The vulnerability in the firmware of Siemens Scalance LPE9403 industrial switches stems from improper limitation of a pathname to a restricted directory, allowing attackers to read and write arbitrary files.
The vulnerability in the firmware of Siemens Scalance LPE9403 industrial switches is related to improper limitation of a pathname to a restricted directory. Exploiting this vulnerability allows a malicious actor to read and write arbitrary files remotely...
GHSA-94VH-GPHV-8PM8 zip Incorrectly Canonicalizes Paths during Archive Extraction Leading to Arbitrary File Write
Summary In the archive extraction routine of affected versions of the zip crate, symbolic links earlier in the archive are allowed to be used for later files in the archive without validation of the final canonicalized path, allowing maliciously crafted archives to overwrite arbitrary files in th...
CVE-2025-29787 zip Vulnerable to Incorrect Path Canonicalization During Archive Extraction, Leading to Arbitrary File Write
zip is a ZIP library for Rust which supports reading and writing of simple ZIP files. In the archive extraction routine of affected versions of the zip crate starting with version 1.3.0 and prior to version 2.3.0, symbolic links earlier in the archive are allowed to be used for later files in the...
Flowise allows arbitrary file write to RCE
Summary: An attacker could write files with arbitrary content to the filesystem via the /api/v1/document-store/loader/process API. An attacker can reach RCE (Remote Code Execution) via file writing. Details: All file writing functions in packages/components/src/storageUtils.ts are vulnerable. -...
GHSA-8VVX-QVQ9-5948 Flowise allows arbitrary file write to RCE
Summary: An attacker could write files with arbitrary content to the filesystem via the /api/v1/document-store/loader/process API. An attacker can reach RCE (Remote Code Execution) via file writing. Details: All file writing functions in packages/components/src/storageUtils.ts are vulnerable. -...