Lucene search
K

110 matches found

Vulnrichment
Vulnrichment
added 2025/03/19 8:42 p.m.5 views

CVE-2025-27775 Applio allows SSRF and file write in model_download.py

Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery SSRF and file write in modeldownload.py line 143 in 3.2.7. The blind SSRF allows for sending requests on behalf of Applio server and can be leveraged to probe for other vulnerabilities on the...

9.3CVSS7.7AI score0.00531EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/03/19 8:42 p.m.17 views

CVE-2025-27776 Applio allows SSRF and file write in model_download.py

Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery SSRF and file write in modeldownload.py line 240 in 3.2.7. The blind SSRF allows for sending requests on behalf of Applio server and can be leveraged to probe for other vulnerabilities on the...

9.3CVSS0.00531EPSS
Exploits0References4
OSV
OSV
added 2025/03/19 8:42 p.m.6 views

CVE-2025-27776 Applio allows SSRF and file write in model_download.py

Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery SSRF and file write in modeldownload.py line 240 in 3.2.7. The blind SSRF allows for sending requests on behalf of Applio server and can be leveraged to probe for other vulnerabilities on the...

9.3CVSS7.9AI score0.00531EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/03/19 8:42 p.m.21 views

CVE-2025-27776 Applio allows SSRF and file write in model_download.py

Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery SSRF and file write in modeldownload.py line 240 in 3.2.7. The blind SSRF allows for sending requests on behalf of Applio server and can be leveraged to probe for other vulnerabilities on the...

9.3CVSS7.5AI score0.00531EPSS
Exploits0References4
CVE
CVE
added 2025/03/19 8:42 p.m.93 views

CVE-2025-27776

CVE-2025-27776 concerns Applio, a voice conversion tool. The connected sources confirm that versions 3.2.7 and earlier are vulnerable to server-side request forgery (SSRF) and to arbitrary file write via model_download.py (line 240 in 3.2.7, with other references noting line numbers 195 and 156 i...

9.3CVSS7.5AI score0.00531EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/19 8:42 p.m.11 views

CVE-2025-27777 Applio allows SSRF and file write in model_download.py

Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery SSRF in modeldownload.py line 195 in 3.2.7. The blind SSRF allows for sending requests on behalf of Applio server and can be leveraged to probe for other vulnerabilities on the server itself ...

8.7CVSS6.6AI score0.00394EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/03/19 8:42 p.m.17 views

CVE-2025-27777 Applio allows SSRF and file write in model_download.py

Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery SSRF in modeldownload.py line 195 in 3.2.7. The blind SSRF allows for sending requests on behalf of Applio server and can be leveraged to probe for other vulnerabilities on the server itself ...

8.7CVSS0.00394EPSS
Exploits0References4
OSV
OSV
added 2025/03/19 8:42 p.m.4 views

CVE-2025-27777 Applio allows SSRF and file write in model_download.py

Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery SSRF in modeldownload.py line 195 in 3.2.7. The blind SSRF allows for sending requests on behalf of Applio server and can be leveraged to probe for other vulnerabilities on the server itself ...

8.7CVSS6.8AI score0.00394EPSS
Exploits0References6
CVE
CVE
added 2025/03/19 8:42 p.m.937 views

CVE-2025-27777

CVE-2025-27777 affects Applio (voice conversion tool). Versions ≤ 3.2.7 contain a server‑side request forgery (SSRF) in model_download.py (line 195 in 3.2.7) that can be used to issue requests on behalf of the Applio server. The issue is described as a blind SSRF, with potential to probe internal...

8.7CVSS6.6AI score0.00394EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/19 8:42 p.m.9 views

CVE-2025-27778 Applio allows unsafe deserialization in infer.py

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in infer.py. The issue can lead to remote code execution. As of time of publication, a fix is available on the main branch of the Applio repository but not attached to a numbered release...

9.3CVSS7.4AI score0.00896EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/03/19 8:42 p.m.40 views

CVE-2025-27778 Applio allows unsafe deserialization in infer.py

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in infer.py. The issue can lead to remote code execution. As of time of publication, a fix is available on the main branch of the Applio repository but not attached to a numbered release...

9.3CVSS0.00896EPSS
Exploits0References6
OSV
OSV
added 2025/03/19 8:42 p.m.13 views

CVE-2025-27778 Applio allows unsafe deserialization in infer.py

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in infer.py. The issue can lead to remote code execution. As of time of publication, a fix is available on the main branch of the Applio repository but not attached to a numbered release...

9.3CVSS8AI score0.00896EPSS
Exploits0References8
CVE
CVE
added 2025/03/19 8:42 p.m.66 views

CVE-2025-27778

CVE-2025-27778 affects Applio's infer.py deserialization routine. Versions 3.2.8-bugfix and earlier are vulnerable to unsafe deserialization, enabling remote code execution. A fix exists on the project’s main branch but has not been released in a numbered version, leaving users on older releases ...

9.8CVSS7.5AI score0.00896EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2025/03/19 8:42 p.m.8 views

CVE-2025-27779 Applio allows unsafe deserialization in model_blender.py

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in modelblender.py lines 20 and 21. modelfusiona and modelfusionb from voiceblender.py take user-supplied input e.g. a path to a model and pass that value to the runmodelblenderscript and...

9.3CVSS8AI score0.00845EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/03/19 8:42 p.m.37 views

CVE-2025-27779 Applio allows unsafe deserialization in model_blender.py

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in modelblender.py lines 20 and 21. modelfusiona and modelfusionb from voiceblender.py take user-supplied input e.g. a path to a model and pass that value to the runmodelblenderscript and...

9.3CVSS0.00845EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/03/19 8:42 p.m.9 views

CVE-2025-27779 Applio allows unsafe deserialization in model_blender.py

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in modelblender.py lines 20 and 21. modelfusiona and modelfusionb from voiceblender.py take user-supplied input e.g. a path to a model and pass that value to the runmodelblenderscript and...

9.3CVSS7.4AI score0.00845EPSS
Exploits0References4
CVE
CVE
added 2025/03/19 8:42 p.m.70 views

CVE-2025-27779

CVE-2025-27779 (Applio) : Affects Applio, versions 3.2.8-bugfix and prior. The issue is unsafe deserialization in the model_blender.py file (lines 20–21) triggered when user-supplied input (e.g., a model path) is passed through voice_blender.py’s model_fusion_a/b to run_model_blender_script and e...

9.8CVSS7.5AI score0.00845EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2025/03/19 8:41 p.m.86 views

CVE-2025-27782

The CVE-2025-27782 entry concerns Applio, a voice-conversion tool. Affected are versions 3.2.8-bugfix and earlier, where the vulnerability exists in inference.py allowing arbitrary file write on the server. This can be combined with unsafe deserialization to achieve remote code execution. As of p...

9.8CVSS7.6AI score0.013EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2025/03/19 8:41 p.m.23 views

CVE-2025-27782 Applio allows arbitrary file write in inference.py

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file write in inference.py. This issue may lead to writing arbitrary files on the Applio server. It can also be used in conjunction with an unsafe deserialization to achieve remote code execution. As of...

8.7CVSS0.013EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/03/19 8:41 p.m.5 views

CVE-2025-27782 Applio allows arbitrary file write in inference.py

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file write in inference.py. This issue may lead to writing arbitrary files on the Applio server. It can also be used in conjunction with an unsafe deserialization to achieve remote code execution. As of...

8.7CVSS7.5AI score0.013EPSS
Exploits1References5
Rows per page
Query Builder