Alibaba Cloud Linux 3 : 0189: cups (ALINUX3-SA-2024:0189)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0189 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-35235: OpenPrinting CUPS is an open source...

TOTOLINK A3002R 安全漏洞

TOTOLINK A3002R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A3002R suffers from a command injection vulnerability that stems from the FUN00459fdc function failing to properly filter constructed command special characters, commands, etc. The vulnerability can be...

NetAlertX 安全漏洞

NetAlertX is a network intruder and presence detector from the jokob-sk individual developer. A security vulnerability exists in NetAlertX versions prior to 23.01.14 through 24.10.12, which stems from unauthenticated command injection and could lead to arbitrary command execution...

PT-2025-15: Kiosk restriction bypass in RED OS

The vulnerability was identified in RedOS, versions 7.3.5-20241106.3. The discovered vulnerability in the RedOS kiosk utility due to incorrect restrictions. Exploitation of the vulnerability may allow an attacker to execute arbitrary commands on the system outside the imposed restrictions...

CVE-2025-44023

An issue in dlink DNS-320 v.1.00 and DNS-320LW v.1.01.0914.20212 allows an attacker to execute arbitrary via the accountmgr.cgi-cgichgadminpw components...

Tenda AC9 Command Injection Vulnerability

Tenda AC9 is a router firmware. Tenda AC9 suffers from a command injection vulnerability that stems from improper handling of the Telnet function, which could lead to the execution of arbitrary commands. No detailed vulnerability details are provided at this time...

CVE-2025-43842

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to command injection. The variables expdir1, np7, trainsetdir4 and sr2 take user input and pass it to the preprocessdataset function, which concatenates them into a...

CVE-2025-43844

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to command injection. The variables expdir1, among others, take user input and pass it to the clicktrain function, which concatenates them into a command that is run on...

TOTOLINK A830R Command Injection Vulnerability (CNVD-2025-09866)

The TOTOLINK A830R is a wireless dual-band router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in TOTOLINK A830R version V4.1.2cu.5182B20201102, which stems from the failure of the NoticeUrl parameter in the setNoticeCfg function to correctly filter constructed...

TOTOLINK A950RG/A810R Command Execution Vulnerability

TOTOLINK A950RG and TOTOLINK A810R are both products of China's Gion Electronics TOTOLINK.TOTOLINK A950RG is a super-generation Giga wireless router.TOTOLINK A810R is a wireless dual-band router. A command execution vulnerability exists in the TOTOLINK A950RG and TOTOLINK A810R, which stems from...

D-Link DIR-890L和D-Link DIR-806A1 安全漏洞

D-Link DIR-890L and D-Link DIR-806A1 are both products of China's AUO D-Link.D-Link DIR-890L is a wireless router.D-Link DIR-806A1 is a dual-band wireless router that supports AC750 wireless rate and USB sharing function. The D-Link DIR-890L and D-Link DIR-806A1 suffer from a command injection...

D-Link DIR-600L 注入漏洞

The D-Link DIR-600L is a wireless router from China's AUO D-Link. The D-Link DIR-600L suffers from a command injection vulnerability that stems from the wakeonlan function parameter host failing to correctly filter constructed command special characters, commands, etc. The vulnerability can be...

D-Link DIR-600L 注入漏洞

The D-Link DIR-600L is an entry-level wireless router from China-based AUO D-Link that supports 150Mbps wireless transmission and four 100Gbps wired ports. The D-Link DIR-600L suffers from a command injection vulnerability that stems from the formSysCmd function parameter host failing to properly...

goshs 访问控制错误漏洞

goshs is a simple HTTP Server written in Go by Patrick Hener Personal Developer. An access control error vulnerability exists in goshs versions prior to 1.0.5 that stems from not checking the cli option -c, which could lead to arbitrary command execution...

CVE-2025-43844

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to command injection. The variables expdir1, among others, take user input and pass it to the clicktrain function, which concatenates them into a command that is run on...

CVE-2025-43842

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to command injection. The variables expdir1, np7, trainsetdir4 and sr2 take user input and pass it to the preprocessdataset function, which concatenates them into a...

CVE-2025-43844 GHSL-2025-014_Retrieval-based-Voice-Conversion-WebUI

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to command injection. The variables expdir1, among others, take user input and pass it to the clicktrain function, which concatenates them into a command that is run on...

CVE-2025-43844

CVE-2025-43844 affects Retrieval-based-Voice-Conversion-WebUI (VITS-based) with versions 2.2.231006 and earlier. The root cause is that input variables (e.g., exp_dir1) are passed into the click_train function and concatenated into a shell command executed on the server, enabling arbitrary comman...

CVE-2025-43843

CVE-2025-43843 affects Retrieval-based-Voice-Conversion-WebUI (RVC-Project)

CVE-2025-43843 GHSL-2025-013_Retrieval-based-Voice-Conversion-WebUI

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to command injection. The variables expdir1, np7 and f0method8 take user input and pass it into the extractf0feature function, which concatenates them into a command th...