Lucene search
K

110 matches found

CVE
CVE
added 2025/03/19 8:41 p.m.75 views

CVE-2025-27783

The CVE-2025-27783 entry concerns Applio (voice conversion tool). Affected versions: 3.2.8-bugfix and prior. Root cause: arbitrary file write in train.py, which can write files on the Applio server and, when combined with unsafe deserialization, may enable remote code execution. As of publication...

9.8CVSS7.5AI score0.00995EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/19 8:41 p.m.17 views

CVE-2025-27783 Applio allows arbitrary file write in train.py

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file write in train.py. This issue may lead to writing arbitrary files on the Applio server. It can also be used in conjunction with an unsafe deserialization to achieve remote code execution. As of tim...

8.7CVSS7.5AI score0.00995EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/03/19 8:41 p.m.38 views

CVE-2025-27783 Applio allows arbitrary file write in train.py

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file write in train.py. This issue may lead to writing arbitrary files on the Applio server. It can also be used in conjunction with an unsafe deserialization to achieve remote code execution. As of tim...

8.7CVSS0.00995EPSS
Exploits0References4
OSV
OSV
added 2025/03/19 8:41 p.m.10 views

CVE-2025-27783 Applio allows arbitrary file write in train.py

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file write in train.py. This issue may lead to writing arbitrary files on the Applio server. It can also be used in conjunction with an unsafe deserialization to achieve remote code execution. As of tim...

8.7CVSS8.1AI score0.00995EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/03/19 8:41 p.m.11 views

CVE-2025-27784 Applio allows arbitrary file read in train.py export_pth function

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file read in train.py's exportpth function. This issue may lead to reading arbitrary files on the Applio server. It can also be used in conjunction with blind server-side request forgery to read files...

8.7CVSS6.4AI score0.00525EPSS
Exploits1References3
CVE
CVE
added 2025/03/19 8:41 p.m.927 views

CVE-2025-27784

Applio CVE-2025-27784 affects Applio voice conversion tool (versions 3.2.8-bugfix and prior). The issue is an arbitrary file read in train.py's export_pth function, allowing reading arbitrary server files. It can be chained with blind server-side request forgery (SSRF) to access files on internal...

8.7CVSS6.3AI score0.00525EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2025/03/19 8:41 p.m.19 views

CVE-2025-27784 Applio allows arbitrary file read in train.py export_pth function

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file read in train.py's exportpth function. This issue may lead to reading arbitrary files on the Applio server. It can also be used in conjunction with blind server-side request forgery to read files...

8.7CVSS0.00525EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/03/19 8:41 p.m.11 views

CVE-2025-27787 Applio allows a DoS in restart.py

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to denial of service DoS in restart.py. modelname in train.py takes user input, and passes it to the stoptrain function in restart.py, which uses it construct a path to a folder with config.json. That config.json is...

8.8CVSS6.7AI score0.00744EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/03/19 8:41 p.m.29 views

CVE-2025-27787 Applio allows a DoS in restart.py

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to denial of service DoS in restart.py. modelname in train.py takes user input, and passes it to the stoptrain function in restart.py, which uses it construct a path to a folder with config.json. That config.json is...

8.8CVSS0.00744EPSS
Exploits1References3
OSV
OSV
added 2025/03/19 8:41 p.m.6 views

CVE-2025-27787 Applio allows a DoS in restart.py

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to denial of service DoS in restart.py. modelname in train.py takes user input, and passes it to the stoptrain function in restart.py, which uses it construct a path to a folder with config.json. That config.json is...

8.8CVSS7AI score0.00744EPSS
Exploits1References5
CVE
CVE
added 2025/03/19 8:41 p.m.79 views

CVE-2025-27787

Applio (versions 3.2.8-bugfix and earlier) is affected by a DoS when restart.py executes. The train.py model_name parameter accepts user input and passes it to stop_train in restart.py, which constructs a path to a folder containing config.json. The config.json’s process_pids list is read and all...

8.8CVSS6.7AI score0.00744EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/19 8:37 p.m.8 views

CVE-2025-27786 Applio allows arbitrary file removal in core.py

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file removal in core.py. outputttspath in tts.py takes arbitrary user input and passes it to runttsscript function in core.py, which checks if the path in outputttspath exists, and if yes, removes that...

8.8CVSS6.6AI score0.00513EPSS
Exploits0References3
CVE
CVE
added 2025/03/19 8:37 p.m.83 views

CVE-2025-27786

CVE-2025-27786 affects Applio (voice conversion tool), with versions 3.2.8-bugfix and earlier vulnerable to arbitrary file removal via core.py. The issue arises because output_tts_path in tts.py passes user-controlled input to run_tts_script in core.py; if the path exists, it is removed, enabling...

9.1CVSS6.6AI score0.00513EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/03/19 8:37 p.m.7 views

CVE-2025-27786 Applio allows arbitrary file removal in core.py

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file removal in core.py. outputttspath in tts.py takes arbitrary user input and passes it to runttsscript function in core.py, which checks if the path in outputttspath exists, and if yes, removes that...

8.8CVSS6.9AI score0.00513EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/03/19 8:37 p.m.29 views

CVE-2025-27786 Applio allows arbitrary file removal in core.py

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file removal in core.py. outputttspath in tts.py takes arbitrary user input and passes it to runttsscript function in core.py, which checks if the path in outputttspath exists, and if yes, removes that...

8.8CVSS0.00513EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/03/19 8:35 p.m.8 views

CVE-2025-27785 Applio allows arbitrary file read in train.py export_index function

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file read in train.py's exportindex function. This issue may lead to reading arbitrary files on the Applio server. It can also be used in conjunction with blind server-side request forgery to read files...

8.7CVSS6.7AI score0.00515EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/03/19 8:35 p.m.27 views

CVE-2025-27785 Applio allows arbitrary file read in train.py export_index function

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file read in train.py's exportindex function. This issue may lead to reading arbitrary files on the Applio server. It can also be used in conjunction with blind server-side request forgery to read files...

8.7CVSS0.00515EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/03/19 8:22 p.m.9 views

CVE-2025-27781 Applio allows unsafe deserialization in inference.py

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in inference.py. modelfile in inference.py as well as modelfile in tts.py take user-supplied input e.g. a path to a model and pass that value to the changechoices and later to getspeakersid...

9.3CVSS7.5AI score0.00845EPSS
Exploits0References5
CVE
CVE
added 2025/03/19 8:22 p.m.63 views

CVE-2025-27781

Applio is affected by CVE-2025-27781 through unsafe deserialization in the inference.py module (and related tts.py input handling). Versions 3.2.8-bugfix and prior are vulnerable because user-supplied model_file values are passed to change_choices/get_speakers_id, which loads models with torch.lo...

9.8CVSS7.4AI score0.00845EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2025/03/19 8:22 p.m.15 views

CVE-2025-27781 Applio allows unsafe deserialization in inference.py

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in inference.py. modelfile in inference.py as well as modelfile in tts.py take user-supplied input e.g. a path to a model and pass that value to the changechoices and later to getspeakersid...

9.3CVSS0.00845EPSS
Exploits0References5
Rows per page
Query Builder