
2982 matches found

OSV
added 2025/08/01 5:15 p.m. · 4 views

CVE-2025-45150

Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive files via supplying a crafted request...

9.8 CVSS · 5.8 AI score · 0.00574 EPSS
Exploits: 0 · References: 3
CVE
added 2025/08/01 12:0 a.m. · 24 views

CVE-2025-45150

CVE-2025-45150 affects LangChain-ChatGLM-Webui (commit ef829). The issue is insecure permissions that could allow an attacker to arbitrarily view and download sensitive files via a crafted request. Public references across NVD, Red Hat, CVE databases and security trackers corroborate this vulnera...

9.8 CVSS · 6.7 AI score · 0.00574 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
Vulnrichment
added 2025/08/01 12:0 a.m. · 4 views

CVE-2025-45150

Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive files via supplying a crafted request...

6.2 AI score · 0.00574 EPSS
Exploits: 0 · References: 3
CNNVD
added 2025/08/01 12:0 a.m. · 2 views

LangChain-ChatGLM-Webui security vulnerability

LangChain-ChatGLM-Webui is an open-source AI application from X-D Lab for automated question answering against a local knowledge base. A security vulnerability exists in LangChain-ChatGLM-Webui version ef829, which stems from insecure privileges that allow an attacker to view and download sensitive files via a special...

9.8 CVSS · 6.3 AI score · 0.00574 EPSS
Exploits: 0 · References: 4
Positive Technologies
added 2025/08/01 12:0 a.m. · 7 views

PT-2025-31654 · Unknown · Langchain-Chatglm-Webui

Name of the Vulnerable Software and Affected Versions: LangChain-ChatGLM-Webui commit ef829 Description: An insecure permissions issue in LangChain-ChatGLM-Webui commit ef829 allows attackers to view and download sensitive files by submitting a crafted request. Recommendations: Address the insecu...

9.8 CVSS · 6.2 AI score · 0.00574 EPSS
Exploits: 0 · References: 6
RedhatCVE
added 2025/07/31 5:10 p.m. · 3 views

CVE-2025-31965

Improper access restrictions in HCL BigFix Remote Control Server WebUI versions 10.1.0.0248 and lower allow non-admin users to view unauthorized information on certain web pages...

8.2 CVSS · 6.2 AI score · 0.00183 EPSS
Exploits: 0 · References: 1
Cvelist
added 2025/07/29 4:53 p.m. · 7 views

CVE-2025-31965 HCL BigFix Remote Control is affected by an authorization bypass vulnerability

Improper access restrictions in HCL BigFix Remote Control Server WebUI versions 10.1.0.0248 and lower allow non-admin users to view unauthorized information on certain web pages...

8.2 CVSS · 0.00183 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2025/07/29 12:0 a.m. · 4 views

PT-2025-31222 · Hcl · Hcl Bigfix Remote Control Server Webui

Name of the Vulnerable Software and Affected Versions: HCL BigFix Remote Control Server WebUI versions 10.1.0.0248 and lower Description: Improper access restrictions in the WebUI allow non-admin users to view unauthorized information on certain web pages. Recommendations: Update HCL BigFix Remot...

8.2 CVSS · 6.5 AI score · 0.00183 EPSS
Exploits: 0 · References: 6
CNVD
added 2025/07/21 12:0 a.m. · 6 views

GPT-SoVITS-WebUI open_asr function command injection vulnerability

GPT-SoVITS-WebUI is a TTS training model. A command injection vulnerability exists in the GPT-SoVITS-WebUI open_asr function. An attacker can exploit this vulnerability to execute arbitrary commands on the system...

9.8 CVSS · 8.2 AI score · 0.03377 EPSS
Exploits: 1 · References: 1
CNVD
added 2025/07/21 12:0 a.m. · 1 view

GPT-SoVITS-WebUI open_denoise function command injection vulnerability

GPT-SoVITS-WebUI is a TTS training model. A command injection vulnerability exists in the GPT-SoVITS-WebUI open_denoise function, which can be exploited by an attacker to execute arbitrary commands on the system...

9.8 CVSS · 8.2 AI score · 0.033 EPSS
Exploits: 1 · References: 1
CNVD
added 2025/07/21 12:0 a.m. · 2 views

GPT-SoVITS-WebUI open_slice function command injection vulnerability

GPT-SoVITS-WebUI is a TTS training model. A command injection vulnerability exists in the GPT-SoVITS-WebUI open_slice function, which can be exploited by an attacker to execute arbitrary commands on the system...

9.8 CVSS · 8.2 AI score · 0.03372 EPSS
Exploits: 1 · References: 1
CNVD
added 2025/07/21 12:0 a.m. · 3 views

GPT-SoVITS-WebUI Code Issue Vulnerability (CNVD-2025-23582)

GPT-SoVITS-WebUI is a TTS training model. A code issue vulnerability exists in GPT-SoVITS-WebUI that stems from unsafe deserialization processing of processckpt.py when receiving serialized data submitted by a user, which can be exploited by an attacker to execute arbitrary commands on the system...

9.8 CVSS · 7.8 AI score · 0.00639 EPSS
Exploits: 1 · References: 1
CNVD
added 2025/07/21 12:0 a.m. · 5 views

GPT-SoVITS-WebUI Code Issue Vulnerability (CNVD-2025-23575)

GPT-SoVITS-WebUI is a TTS training model. A code issue vulnerability exists in GPT-SoVITS-WebUI, which stems from unsafe deserialization handling of the AudioPre class when receiving user-submitted serialized data, and can be exploited by an attacker to execute arbitrary commands on the system...

9.8 CVSS · 7.8 AI score · 0.00661 EPSS
Exploits: 1 · References: 1
CNVD
added 2025/07/21 12:0 a.m. · 3 views

GPT-SoVITS-WebUI change_label function command injection vulnerability

GPT-SoVITS-WebUI is a TTS training model. A command injection vulnerability exists in the GPT-SoVITS-WebUI change_label function that can be exploited by an attacker to execute arbitrary commands on the system...

9.8 CVSS · 8.2 AI score · 0.033 EPSS
Exploits: 1 · References: 1
CNVD
added 2025/07/21 12:0 a.m. · 3 views

GPT-SoVITS-WebUI code issue vulnerability (CNVD-2025-23578)

GPT-SoVITS-WebUI is a TTS training model. A code issue vulnerability exists in GPT-SoVITS-WebUI that stems from insecure deserialization of referencewebui.py when receiving serialized data submitted by a user, which can be exploited by an attacker to execute arbitrary commands on the system...

9.8 CVSS · 7.8 AI score · 0.00639 EPSS
Exploits: 1 · References: 1
CNVD
added 2025/07/21 12:0 a.m. · 3 views

GPT-SoVITS-WebUI Code Issue Vulnerability

GPT-SoVITS-WebUI is a TTS training model. A code issue vulnerability exists in GPT-SoVITS-WebUI that stems from unsafe deserialization handling of the AudioPreDeEcho class when receiving serialized data submitted by the user, which can be exploited by an attacker to execute arbitrary commands on...

9.8 CVSS · 7.8 AI score · 0.00661 EPSS
Exploits: 1 · References: 1
RedhatCVE
added 2025/07/17 9:1 p.m. · 14 views

CVE-2025-49838

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in vr.py AudioPreDeEcho. The modelchoose variable takes user input e.g. a path to a model and passes it to the uvr function. In uvr, a new instance o...

9.8 CVSS · 7.2 AI score · 0.00661 EPSS
Exploits: 1 · References: 1
RedhatCVE
added 2025/07/17 9:1 p.m. · 8 views

CVE-2025-49834

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in webui.py open_denoise function. denoiseinpdir and denoiseoptdir take user input, which is passed to the open_denoise function, which concatenates the user...

9.8 CVSS · 7.9 AI score · 0.033 EPSS
Exploits: 1 · References: 1
RedhatCVE
added 2025/07/17 9:1 p.m. · 14 views

CVE-2025-49840

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in inferencewebui.py. The GPTdropdown variable takes user input and passes it to the changegptweights function. In changegptweights, the user input,...

9.8 CVSS · 7.2 AI score · 0.00639 EPSS
Exploits: 1 · References: 1
RedhatCVE
added 2025/07/17 9:1 p.m. · 11 views

CVE-2025-49835

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in webui.py open_asr function. asrinpdir and a number of other variables takes user input, which is passed to the open_asr function, which concatenates the...

9.8 CVSS · 7.9 AI score · 0.03377 EPSS
Exploits: 1 · References: 1