444 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-35229
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - An authenticated user can create a link with reflected JavaScript code inside it for the discovery page and send it to other users. The payload can be executed...
UnoPim vulnerable to CSRF on Product edit feature and creation of other types
Summary: Some of the endpoints of the application are vulnerable to Cross-Site Request Forgery (CSRF).
| Method | Endpoint | Status | Reason |
|:------:|:------:|:------:|:------:|
| POST | /admin/catalog/products/create | Not Vulnerable :white_check_mark: | X-XSRF-TOKEN header used |
| GET |...
Agentic AI: How Autonomous Agents are Changing the Game
...
New trends in phishing and scams: how AI and social media are changing the game
Introduction: Phishing and scams are dynamic types of online fraud that primarily target individuals, with cybercriminals constantly adapting their tactics to deceive people. Scammers invent new methods and improve old ones, adjusting them to fit current news, trends, and major world events:...
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization via improper enforcement of permissions in the playbook run participant management process. An attacker can gain unauthorized access to sensitive channel content and escalate privileges by adding or removing user...
CVE-2023-43508
Vulnerabilities in the web-based management interface of ClearPass Policy Manager allow an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. Successful exploitation of these vulnerabilities allows an attacker to complete...
CVE-2023-6689
A successful CSRF attack could force the user to perform state-changing requests on the application. If the victim is an administrative account, a CSRF attack could compromise the entire web application...
CVE-2024-55893
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstrea...
CVE-2025-43848
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckpt_path0 variable takes user input (e.g. a path to a model) and passes it to the change_info function in process_ckpt.py, which uses it to...
CVE-2025-43842
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to command injection. The variables exp_dir1, np7, trainset_dir4 and sr2 take user input and pass it to the preprocess_dataset function, which concatenates them into a...
CVE-2025-43849
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckpt_a and cpkt_b variables take user input (e.g. a path to a model) and pass it to the merge function in process_ckpt.py, which uses them...
CVE-2025-43851
The CVE-2025-43851 entry concerns Retrieval-based-Voice-Conversion-WebUI (RVC) with versions 2.2.231006 and earlier. The root cause is unsafe deserialization in Python code: user-controlled input (model_choose) is passed to the uvr function, which creates an AudioPre instance and uses torch.load ...
CVE-2025-43850
The CVE affects Retrieval-based-Voice-Conversion-WebUI (RVC) versions 2.2.231006 and earlier. The root cause is unsafe deserialization: the ckpt_dir input is passed to export.py’s change_info function, which loads a model with torch.load, enabling remote code execution. Public documentation confi...
CVE-2025-43850 GHSL-2025-020_Retrieval-based-Voice-Conversion-WebUI
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckpt_dir variable takes user input (e.g. a path to a model) and passes it to the change_info function in export.py, which uses it to load the...
CVE-2025-43849 GHSL-2025-019_Retrieval-based-Voice-Conversion-WebUI
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckpt_a and cpkt_b variables take user input (e.g. a path to a model) and pass it to the merge function in process_ckpt.py, which uses them...
CVE-2025-43849
CVE-2025-43849 affects Retrieval-based-Voice-Conversion-WebUI (RVC-Project). Versions up to 2.2.231006 are vulnerable due to unsafe deserialization in process_ckpt.py: the ckpt_a and cpkt_b inputs are passed to the merge function, which uses torch.load on user-provided paths, enabling remote code...
CVE-2025-43845
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to code injection. The ckpt_path2 variable takes user input (e.g. a path to a model) and passes it to the change_info function, which opens and reads the file on the given path...
CVE-2025-43846 GHSL-2025-016_Retrieval-based-Voice-Conversion-WebUI
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckpt_path1 variable takes user input (e.g. a path to a model) and passes it to the show_info function in process_ckpt.py, which uses it to loa...
CVE-2025-43844
CVE-2025-43844 affects Retrieval-based-Voice-Conversion-WebUI (VITS-based) with versions 2.2.231006 and earlier. The root cause is that input variables (e.g., exp_dir1) are passed into the click_train function and concatenated into a shell command executed on the server, enabling arbitrary comman...
CVE-2025-43842
The CVE-2025-43842 entry concerns Retrieval-based-Voice-Conversion-WebUI (VITS-based). Affected: versions 2.2.231006 and earlier. The root cause: user-provided inputs in variables exp_dir1, np7, trainset_dir4, and sr2 are fed into preprocess_dataset, concatenated into a server-side command, enabl...