Lucene search
K

14 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-6793

Malicious code in bioql PyPI...

9.8CVSS6.5AI score0.00995EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-6786

Malicious code in bioql PyPI...

9.3CVSS6.3AI score0.00531EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-6789

Malicious code in bioql PyPI...

8.7CVSS6.3AI score0.00394EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/03/21 10:27 p.m.11 views

CVE-2025-27777

Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery SSRF in modeldownload.py line 195 in 3.2.7. The blind SSRF allows for sending requests on behalf of Applio server and can be leveraged to probe for other vulnerabilities on the server itself ...

8.7CVSS7.4AI score0.00525EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/21 10:26 p.m.8 views

CVE-2025-27779

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in modelblender.py lines 20 and 21. modelfusiona and modelfusionb from voiceblender.py take user-supplied input e.g. a path to a model and pass that value to the runmodelblenderscript and...

9.8CVSS8.1AI score0.00845EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/21 10:26 p.m.8 views

CVE-2025-27780

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in modelinformation.py. modelname in modelinformation.py takes user-supplied input e.g. a path to a model and pass that value to the runmodelinformationscript and later to modelinformation...

9.8CVSS8.1AI score0.00845EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/21 10:26 p.m.12 views

CVE-2025-27776

Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery SSRF and file write in modeldownload.py line 240 in 3.2.7. The blind SSRF allows for sending requests on behalf of Applio server and can be leveraged to probe for other vulnerabilities on the...

9.3CVSS8.4AI score0.00531EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/21 10:25 p.m.8 views

CVE-2025-27785

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file read in train.py's exportindex function. This issue may lead to reading arbitrary files on the Applio server. It can also be used in conjunction with blind server-side request forgery to read files...

8.7CVSS7AI score0.00515EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/21 10:24 p.m.11 views

CVE-2025-27783

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file write in train.py. This issue may lead to writing arbitrary files on the Applio server. It can also be used in conjunction with an unsafe deserialization to achieve remote code execution. As of tim...

9.8CVSS8AI score0.00995EPSS
Exploits0References1
NVD
NVD
added 2025/03/19 9:15 p.m.36 views

CVE-2025-27778

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in infer.py. The issue can lead to remote code execution. As of time of publication, a fix is available on the main branch of the Applio repository but not attached to a numbered release...

9.8CVSS0.00896EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/03/19 8:42 p.m.11 views

CVE-2025-27777 Applio allows SSRF and file write in model_download.py

Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery SSRF in modeldownload.py line 195 in 3.2.7. The blind SSRF allows for sending requests on behalf of Applio server and can be leveraged to probe for other vulnerabilities on the server itself ...

8.7CVSS6.6AI score0.00394EPSS
Exploits0References4
OSV
OSV
added 2025/03/19 8:42 p.m.8 views

CVE-2025-27779 Applio allows unsafe deserialization in model_blender.py

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in modelblender.py lines 20 and 21. modelfusiona and modelfusionb from voiceblender.py take user-supplied input e.g. a path to a model and pass that value to the runmodelblenderscript and...

9.3CVSS8AI score0.00845EPSS
Exploits0References6
OSV
OSV
added 2025/03/19 8:37 p.m.7 views

CVE-2025-27786 Applio allows arbitrary file removal in core.py

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file removal in core.py. outputttspath in tts.py takes arbitrary user input and passes it to runttsscript function in core.py, which checks if the path in outputttspath exists, and if yes, removes that...

8.8CVSS6.9AI score0.00513EPSS
Exploits0References5
CVE
CVE
added 2025/03/19 8:22 p.m.63 views

CVE-2025-27781

Applio is affected by CVE-2025-27781 through unsafe deserialization in the inference.py module (and related tts.py input handling). Versions 3.2.8-bugfix and prior are vulnerable because user-supplied model_file values are passed to change_choices/get_speakers_id, which loads models with torch.lo...

9.8CVSS7.4AI score0.00845EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder