Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

2982 matches found

RedhatCVE
RedhatCVEadded 2025/07/17 9:1 p.m.15 views

CVE-2025-49837

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in vr.py AudioPre. The modelchoose variable takes user input e.g. a path to a model and passes it to the uvr function. In uvr, a new instance of...

9.8CVSS7.2AI score0.00661EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2025/07/17 9:1 p.m.18 views

CVE-2025-49839

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in bsroformer.py. The modelchoose variable takes user input e.g. a path to a model and passes it to the uvr function. In uvr, a new instance of...

9.8CVSS7.2AI score0.00661EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2025/07/17 9:1 p.m.7 views

CVE-2025-49841

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in processckpt.py. The SoVITSdropdown variable takes user input and passes it to the loadsovitsnew function in processckpt.py. In loadsovitsnew, the...

9.8CVSS7.2AI score0.00639EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2025/07/17 9:1 p.m.14 views

CVE-2025-49833

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in the webui.py openslice function. sliceoptroot and slice-inp-path takes user input, which is passed to the openslice function, which concatenates the use...

9.8CVSS7.9AI score0.03372EPSS
Exploits1References1
NVD
NVDadded 2025/07/15 9:15 p.m.13 views

CVE-2025-49835

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in webui.py openasr function. asrinpdir and a number of other variables takes user input, which is passed to the openasr function, which concatenates the...

9.8CVSS0.03377EPSS
Exploits1References5
NVD
NVDadded 2025/07/15 9:15 p.m.6 views

CVE-2025-49836

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in webui.py changelabel function. pathlist takes user input, which is passed to the changelabel function, which concatenates the user input into a command...

9.8CVSS0.033EPSS
Exploits1References5
NVD
NVDadded 2025/07/15 9:15 p.m.6 views

CVE-2025-49837

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in vr.py AudioPre. The modelchoose variable takes user input e.g. a path to a model and passes it to the uvr function. In uvr, a new instance of...

9.8CVSS0.00661EPSS
Exploits1References5
NVD
NVDadded 2025/07/15 9:15 p.m.5 views

CVE-2025-49840

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in inferencewebui.py. The GPTdropdown variable takes user input and passes it to the changegptweights function. In changegptweights, the user input,...

9.8CVSS0.00639EPSS
Exploits1References4
NVD
NVDadded 2025/07/15 9:15 p.m.8 views

CVE-2025-49833

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in the webui.py openslice function. sliceoptroot and slice-inp-path takes user input, which is passed to the openslice function, which concatenates the use...

9.8CVSS0.03372EPSS
Exploits1References5
CVE
CVEadded 2025/07/15 8:43 p.m.28 views

CVE-2025-49841

GPT-SoVITS-WebUI is affected by unsafe deserialization in process_ckpt.py. User input (sovits_path) is passed to torch.load in load_sovits_new, enabling arbitrary code execution. Affected versions: 20250228v3 and prior. At publication, no patched versions are available. No exploitation details ar...

9.8CVSS6.5AI score0.00639EPSS
Exploits1References4Affected Software1
OSV
OSVadded 2025/07/15 8:43 p.m.5 views

CVE-2025-49841 GHSL-2025-053: GPT-SoVITS Deserialization of Untrusted Data vulnerability

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in processckpt.py. The SoVITSdropdown variable takes user input and passes it to the loadsovitsnew function in processckpt.py. In loadsovitsnew, the...

9.3CVSS6.8AI score0.00639EPSS
Exploits1References6
Vulnrichment
Vulnrichmentadded 2025/07/15 8:42 p.m.4 views

CVE-2025-49840 GHSL-2025-052: GPT-SoVITS Deserialization of Untrusted Data vulnerability

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in inferencewebui.py. The GPTdropdown variable takes user input and passes it to the changegptweights function. In changegptweights, the user input,...

9.3CVSS6.5AI score0.00639EPSS
Exploits1References4
CVE
CVEadded 2025/07/15 8:42 p.m.24 views

CVE-2025-49840

GPT-SoVITS-WebUI is affected by an unsafe deserialization vulnerability in the component inference_webui.py . In versions 20250228v3 and earlier, the GPT_dropdown input is passed to the function change_gpt_weights , where user input (gpt_path) is used with torch.load , causing unsafe deserializat...

9.8CVSS6.5AI score0.00639EPSS
Exploits1References4Affected Software1
OSV
OSVadded 2025/07/15 8:40 p.m.7 views

CVE-2025-49839 GHSL-2025-051: GPT-SoVITS Deserialization of Untrusted Data vulnerability

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in bsroformer.py. The modelchoose variable takes user input e.g. a path to a model and passes it to the uvr function. In uvr, a new instance of...

9.3CVSS6.8AI score0.00661EPSS
Exploits1References7
Vulnrichment
Vulnrichmentadded 2025/07/15 8:34 p.m.6 views

CVE-2025-49837 GHSL-2025-049: GPT-SoVITS Deserialization of Untrusted Data vulnerability

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in vr.py AudioPre. The modelchoose variable takes user input e.g. a path to a model and passes it to the uvr function. In uvr, a new instance of...

9.3CVSS6.5AI score0.00661EPSS
Exploits1References5
OSV
OSVadded 2025/07/15 8:34 p.m.5 views

CVE-2025-49837 GHSL-2025-049: GPT-SoVITS Deserialization of Untrusted Data vulnerability

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in vr.py AudioPre. The modelchoose variable takes user input e.g. a path to a model and passes it to the uvr function. In uvr, a new instance of...

9.3CVSS6.8AI score0.00661EPSS
Exploits1References7
CVE
CVEadded 2025/07/15 8:34 p.m.22 views

CVE-2025-49837

GPT-SoVITS-WebUI (versions 20250228v3 and prior) is affected by an unsafe deserialization vulnerability in vr.py AudioPre. The attack surface involves the model_choose input, which is passed into function uvr, where AudioPre is instantiated with a model_path derived from user input and the .pth e...

9.8CVSS6.5AI score0.00661EPSS
Exploits1References5Affected Software1
Cvelist
Cvelistadded 2025/07/15 8:31 p.m.5 views

CVE-2025-49836 GHSL-2025-048: GPT-SoVITS Command Injection vulnerability

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in webui.py changelabel function. pathlist takes user input, which is passed to the changelabel function, which concatenates the user input into a command...

9.3CVSS0.033EPSS
Exploits1References5
Vulnrichment
Vulnrichmentadded 2025/07/15 8:31 p.m.4 views

CVE-2025-49836 GHSL-2025-048: GPT-SoVITS Command Injection vulnerability

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in webui.py changelabel function. pathlist takes user input, which is passed to the changelabel function, which concatenates the user input into a command...

9.3CVSS7.2AI score0.033EPSS
Exploits1References5
CVE
CVEadded 2025/07/15 8:31 p.m.18 views

CVE-2025-49836

GPT-SoVITS-WebUI is vulnerable to a command injection in the change_label function of webui.py. In versions up to 20250228v3, the path_list input is concatenated into a command and executed on the server, enabling arbitrary command execution. Documents consistently identify the affected component...

9.8CVSS7.2AI score0.033EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder