110 matches found
EUVD-2025-6789
Malicious code in bioql PyPI...
EUVD-2025-6790
Malicious code in bioql PyPI...
EUVD-2025-6791
Malicious code in bioql PyPI...
EUVD-2025-6793
Malicious code in bioql PyPI...
EUVD-2025-6794
Malicious code in bioql PyPI...
EUVD-2025-6786
Malicious code in bioql PyPI...
EUVD-2025-6787
Malicious code in bioql PyPI...
EUVD-2025-6797
Malicious code in bioql PyPI...
CVE-2025-27786
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file removal in core.py. outputttspath in tts.py takes arbitrary user input and passes it to the runttsscript function in core.py, which checks if the path in outputttspath exists, and if yes, removes that...
CVE-2025-27777
Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery (SSRF) in modeldownload.py (line 195 in 3.2.7). The blind SSRF allows for sending requests on behalf of the Applio server and can be leveraged to probe for other vulnerabilities on the server itself ...
CVE-2025-27782
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file write in inference.py. This issue may lead to writing arbitrary files on the Applio server. It can also be used in conjunction with an unsafe deserialization to achieve remote code execution. As of...
CVE-2025-27784
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file read in train.py's exportpth function. This issue may lead to reading arbitrary files on the Applio server. It can also be used in conjunction with blind server-side request forgery to read files...
CVE-2025-27775
Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery (SSRF) and file write in modeldownload.py (line 143 in 3.2.7). The blind SSRF allows for sending requests on behalf of the Applio server and can be leveraged to probe for other vulnerabilities on the...
CVE-2025-27779
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in modelblender.py (lines 20 and 21). modelfusiona and modelfusionb from voiceblender.py take user-supplied input (e.g. a path to a model) and pass that value to the runmodelblenderscript and...
CVE-2025-27780
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in modelinformation.py. modelname in modelinformation.py takes user-supplied input (e.g. a path to a model) and passes that value to the runmodelinformationscript and later to modelinformation...
CVE-2025-27776
Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery (SSRF) and file write in modeldownload.py (line 240 in 3.2.7). The blind SSRF allows for sending requests on behalf of the Applio server and can be leveraged to probe for other vulnerabilities on the...
CVE-2025-27785
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file read in train.py's exportindex function. This issue may lead to reading arbitrary files on the Applio server. It can also be used in conjunction with blind server-side request forgery to read files...
CVE-2025-27781
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in inference.py. modelfile in inference.py as well as modelfile in tts.py take user-supplied input (e.g. a path to a model) and pass that value to the changechoices and later to getspeakersid...
CVE-2025-27774
Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery (SSRF) and file write in modeldownload.py (line 156 in 3.2.7). The blind SSRF allows for sending requests on behalf of the Applio server and can be leveraged to probe for other vulnerabilities on the...
CVE-2025-27783
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file write in train.py. This issue may lead to writing arbitrary files on the Applio server. It can also be used in conjunction with an unsafe deserialization to achieve remote code execution. As of tim...