
168 matches found

Positive Technologies
added 2025/05/05 12:00 a.m. · 3 views

PT-2025-19749 · Unknown · Retrieval-Based-Voice-Conversion-Webui

Name of the Vulnerable Software and Affected Versions: Retrieval-based-Voice-Conversion-WebUI versions 2.2.231006 and prior

Description: Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. The ckpt_path1 variable takes user input, such as a path to a model, and...

CVSS 9.8 · AI score 7.1 · EPSS 0.00766
Exploits 0 · References 11

Vulnrichment
added 2025/04/17 3:35 p.m. · 5 views

CVE-2024-12530 Insecure Dynamic-Link Library (DLL) Load vulnerability

Uncontrolled Search Path Element vulnerability in OpenText Secure Content Manager on Windows allows DLL Side-Loading. This issue affects Secure Content Manager: 23.4. End-users can potentially exploit the vulnerability to execute malicious code in the trusted context of the thick-client applicatio...

CVSS 7 · AI score 7.2 · EPSS 0.00153
Exploits 0 · References 1

CVE
added 2025/04/17 3:35 p.m. · 44 views

CVE-2024-12530

CVE-2024-12530 affects OpenText Secure Content Manager (Windows), specifically version 23.4, due to an Uncontrolled Search Path Element that enables DLL side-loading. This can allow end users to execute malicious code in the trusted context of the thick-client. The issue is locally exploitable wi...

CVSS 7 · AI score 6.8 · EPSS 0.00153
Exploits 0 · References 1

RedhatCVE
added 2025/02/14 1:42 a.m. · 6 views

CVE-2024-53880

NVIDIA Triton Inference Server contains a vulnerability in the model loading API, where a user could cause an integer overflow or wraparound error by loading a model with an extra-large file size that overflows an internal variable. A successful exploit of this vulnerability might lead to denial ...

CVSS 6.5 · AI score 6.9 · EPSS 0.0045
Exploits 0 · References 1

RedhatCVE
added 2025/02/05 11:13 a.m. · 6 views

CVE-2024-21462

Transient DOS while loading the TA ELF file...

CVSS 7.1 · AI score 6.9 · EPSS 0.00094
Exploits 0 · References 1

CVE
added 2025/01/27 5:38 p.m. · 288 views

CVE-2025-24357

The CVE-2025-24357 issue centers on vLLM’s hf_model_weights_iterator (vllm/model_executor/weight_utils.py) which loads checkpoints via torch.load with weights_only defaulting to False. If malicious pickle data is unpickled, arbitrary code could execute on the host. This vulnerability is highlight...

CVSS 8.8 · AI score 7.7 · EPSS 0.00647
Exploits 0 · References 4 · Affected Software 1

Vulnrichment
added 2025/01/08 3:23 a.m. · 5 views

CVE-2024-56456

Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module. Impact: Successful exploitation of this vulnerability may affect availability...

CVSS 6.8 · AI score 6.9 · EPSS 0.00106
Exploits 0 · References 1

CVE
added 2024/12/19 1:39 a.m. · 56 views

CVE-2022-27595

CVE-2022-27595 corresponds to an insecure library loading vulnerability in QNAP’s QVPN Device Client. Multiple connected sources consistently state that a local attacker who already has user access can exploit this issue to execute unauthorized code or commands on affected systems. The problem is...

CVSS 7.8 · AI score 7.1 · EPSS 0.00163
Exploits 0 · References 1 · Affected Software 1

BDU FSTEC
added 2024/11/26 12:00 a.m. · 1 view

A vulnerability in the firmware of SCALANCE M-800 industrial routers stems from a failure to sanitize file names before loading, allowing attackers to compromise the integrity of the system.

The vulnerability in the firmware of SCALANCE M-800 industrial routers relates to a failure to sanitize file names before loading. Exploiting this vulnerability can allow an intruder to compromise the integrity of the system...

CVSS 5 · AI score 7.4 · EPSS 0.00275
Exploits 0 · References 3 · Affected Software 4

BDU FSTEC
added 2024/11/08 12:00 a.m. · 3 views

A vulnerability in the python3.dll library, the interpreter for the Python programming language, allows attackers to compromise the integrity and availability of protected information.

The vulnerability in the python3.dll library, which is responsible for interpreting Python code, is related to the use of an incorrect search path when the vulnerable file is loaded after the Py_SetPath function is called. Exploiting this vulnerability could allow a...

CVSS 7.8 · AI score 6.8 · EPSS 0.00895
Exploits 0 · References 4 · Affected Software 2

OSV
added 2024/10/21 11:53 a.m. · 8 views

CVE-2024-47718 wifi: rtw88: always wait for both firmware loading attempts

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: always wait for both firmware loading attempts. In 'rtw_wait_firmware_completion', always wait for both regular and wowlan firmware loading attempts. Otherwise if 'rtw_usb_intf_init' has failed in 'rtw_usb_probe',...

CVSS 7.8 · AI score 6.2 · EPSS 0.00246
Exploits 0 · References 12

BDU FSTEC
added 2024/07/12 12:00 a.m. · 2 views

A vulnerability in the log loading function of the HarmonyOS AILife Audio Service platform for managing audio devices allows a malicious actor to elevate their privileges and gain access to read, modify, or delete files.

The vulnerability in the log loading function of the HarmonyOS AILife Audio Service platform relates to improper limitation of a pathname to a restricted directory. Exploiting this vulnerability can allow a malicious actor to elevate their privileges and gain access to read, modify, or delete...

CVSS 7.3 · AI score 5.5 · EPSS 0.00266
Exploits 0 · References 3 · Affected Software 2

Tenable Nessus
added 2024/06/12 12:00 a.m. · 28 views

RHEL 9 : gdk-pixbuf2 (RHSA-2024:3834)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3834 advisory. The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such...

CVSS 7.8 · AI score 7.1 · EPSS 0.00415
Exploits 1 · References 5

NVD
added 2024/05/24 1:15 p.m. · 16 views

CVE-2023-49573

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_command_action in action_value. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered wh...

CVSS 7.1 · AI score 6.7 · EPSS 0.00254
Exploits 0 · References 1

UbuntuCve
added 2024/04/16 9:15 p.m. · 1 view

CVE-2024-3660

An arbitrary code injection vulnerability in TensorFlow's Keras framework 2.13 allows attackers to execute arbitrary code with the same permissions as the application using a model that allows arbitrary code irrespective of the application...

CVSS 9.8 · AI score 7.7 · EPSS 0.01745
Exploits 1 · References 2

CNNVD
added 2024/03/27 12:00 a.m. · 4 views

SonicDICOM Media Viewer security vulnerability

SonicDICOM Media Viewer is a software for viewing medical image files from SonicDICOM, Inc. A security vulnerability exists in SonicDICOM Media Viewer 2.3.2 and prior versions, which stems from a contained DLL search path issue that could lead to unsafe loading of dynamic link libraries...

CVSS 7.8 · AI score 7.5 · EPSS 0.00188
Exploits 0 · References 3

CVE
added 2024/03/18 9:59 a.m. · 71 views

CVE-2024-1605

CVE-2024-1605 affects BMC Control-M branches 9.0.20 and 9.0.21. On user login, the app loads all DLLs from a directory that has write/read access for all users, allowing potentially malicious libraries to load and execute with the application’s privileges. The CVE details indicate the vulnerabili...

CVSS 7.8 · AI score 6.6 · EPSS 0.00491
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2024/03/18 12:00 a.m. · 3 views

A vulnerability in the software file loading function of the Cisco AppDynamics Controller allows a perpetrator to gain access to protected information.

The vulnerability in the software file loading function of the Cisco AppDynamics Controller is related to deficiencies in path name checking for the directory. Exploiting this vulnerability could allow an attacker operating remotely to gain access to protected information...

CVSS 6.8 · AI score 6.6 · EPSS 0.02155
Exploits 0 · References 2 · Affected Software 1

BDU FSTEC
added 2024/03/05 12:00 a.m. · 1 view

A vulnerability in the application programming interface for backup/restore services provided by the Apache Solr search server allows a hacker to execute arbitrary code within the system.

The vulnerability in the application programming interface for backup/restore services provided by the Apache Solr search server lies in the lack of restrictions on the loading of files. Exploiting this vulnerability allows a malicious actor to execute arbitrary code within the system remotely...

CVSS 9 · AI score 7.8 · EPSS 0.8384
Exploits 4 · References 3 · Affected Software 1

BDU FSTEC
added 2024/02/20 12:00 a.m. · 4 views

A vulnerability in the file loading function of the corporate cloud storage system HGiga OAKlouds allows an attacker to execute arbitrary code.

The vulnerability in the file loading function of the corporate cloud storage system HGiga OAKlouds relates to the unrestricted loading of dangerous types of files. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code by sending a specially crafted file...

CVSS 10 · AI score 8.2 · EPSS 0.00942
Exploits 0 · References 2 · Affected Software 1