GPT-SoVITS-WebUI Code Issue Vulnerability
GPT-SoVITS-WebUI is a TTS training model. A code issue vulnerability exists in GPT-SoVITS-WebUI, which stems from unsafe deserialization handling of the AudioPre class when receiving user-submitted serialized data, and can be exploited by an attacker to execute arbitrary commands on the system...
GPT-SoVITS-WebUI Command Injection Vulnerability
GPT-SoVITS-WebUI is a TTS training model. A command injection vulnerability exists in the GPT-SoVITS-WebUI changelabel function that can be exploited by an attacker to execute arbitrary commands on the system...
GPT-SoVITS-WebUI Command Injection Vulnerability
GPT-SoVITS-WebUI is a TTS training model. A command injection vulnerability exists in the GPT-SoVITS-WebUI opendenoise function, which can be exploited by an attacker to execute arbitrary commands on the system...
GPT-SoVITS-WebUI Command Injection Vulnerability
GPT-SoVITS-WebUI is a TTS training model. A command injection vulnerability exists in the GPT-SoVITS-WebUI openasr function. An attacker can exploit this vulnerability to execute arbitrary commands on the system...
Nexxt Solutions NCM-X1800 Command Injection Vulnerability
The Nexxt Solutions NCM-X1800 is a router from Nexxt Solutions. A command injection vulnerability exists in the Nexxt Solutions NCM-X1800 UV1.2.7 and earlier versions, which stems from a command injection that could lead to the execution of arbitrary commands...
PT-2025-29675 · Unknown · Gpt-Sovits-Webui
Name of the Vulnerable Software and Affected Versions: GPT-SoVITS-WebUI versions 20250228v3 and prior Description: GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. A command injection issue exists in the webui.py open slice function. User-supplied input to slice opt root and...
PT-2025-29677 · Unknown · Gpt-Sovits-Webui
Name of the Vulnerable Software and Affected Versions: GPT-SoVITS-WebUI versions prior to 20250228v3 Description: GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. A command injection issue exists in the webui.py open asr function. The asr inp dir variable and other variables accep...
LaRecipe is vulnerable to Server-Side Template Injection attacks
Impact: Attackers could: 1. Execute arbitrary commands on the server 2. Access sensitive environment variables 3. Escalate access depending on server configuration. A critical vulnerability was discovered in LaRecipe that allows an attacker to perform Server-Side Template Injection (SSTI), potentiall...
CVE-2025-50756
Wavlink WN535K3 20191010 was found to contain a command injection vulnerability in the setsysadm function via the newpass parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
WAVLINK WN535K3 Security Vulnerability
WAVLINK WN535K3 is a wireless router from China Ruiyin WAVLINK. A security vulnerability exists in WAVLINK WN535K3 version 20191010, which originates from a command injection in the newpass parameter of the setsysadm function, which could lead to the execution of arbitrary commands...
CVE-2025-50756
Affected product: Wavlink WN535K3 (version 20191010). Vulnerability: Command injection in the set_sys_adm function via the newpass parameter, allowing arbitrary commands to be executed remotely. Impact: High/critical severity (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Notes from connected s...
PT-2025-29475 · Totolink · Totolink T6
Name of the Vulnerable Software and Affected Versions: TOTOLINK T6 version 4.1.5cu.748 Description: A critical vulnerability exists in the HTTP POST Request Handler component of TOTOLINK T6. The vulnerability is due to command injection in the clearPairCfg function within the /cgi-bin/cstecgi.cgi...
BIT-MARIADB-2023-39593
Insecure permissions in the sysexec function of MariaDB v10.5 allow authenticated attackers to execute arbitrary commands with elevated privileges. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed...
CVE-2025-52089
CVE-2025-52089 : Totolink N300RB firmware 8.54 contains a hidden remote support feature protected by a static secret. An authenticated attacker can trigger this feature to execute arbitrary OS commands with root privileges. Multiple sources corroborate the vulnerability and affected product/versi...
CVE-2025-34101
An unauthenticated command injection vulnerability exists in Serviio Media Server versions 1.4 through 1.8 on Windows, in the /rest/action API endpoint exposed by the console component (default port 23423). The checkStreamUrl method accepts a VIDEO parameter that is passed unsanitized to a call to...
CVE-2025-34101
Serviio Media Server on Windows versions 1.4–1.8 is affected by an unauthenticated command-injection via the /rest/action REST API. The checkStreamUrl method takes a VIDEO parameter and passes it unsanitized to cmd.exe, enabling arbitrary command execution with the web server’s privileges. The RE...
CVE-2025-47811
In Wing FTP Server through 7.4.4, the administrative web interface (listening by default on port 5466) runs as root or SYSTEM by default. The web application itself offers several legitimate ways to execute arbitrary system commands (i.e., through the web console or the task scheduler), and they are...
CVE-2025-27614 Gitk allows arbitrary command execution
Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script (e.g., Bourne shell, Perl, Python, ...) supplied by the attacker by invoking...
OS Command Injection
mcp-remote is vulnerable to OS command injection. The vulnerability is due to crafted input from the authorizationendpoint response URL when connecting to untrusted MCP servers, which allows an attacker to execute arbitrary operating system commands...