
444 matches found

Tenable Nessus
added 2025/08/27 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2022-35229

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - An authenticated user can create a link with reflected JavaScript code inside it for the discovery page and send it to other users. The payload can be executed...

CVSS 5.4, AI score 6.9, EPSS 0.00602
Exploits 0, References 2

GitHub Security Blog
added 2025/08/21 2:27 p.m., 8 views

UnoPim vulnerable to CSRF on Product edit feature and creation of other types

Summary: Some of the endpoints of the application are vulnerable to Cross-Site Request Forgery (CSRF).

| Method | Endpoint | Status | Reason |
|:------:|:------:|:------:|:------:|
| POST | /admin/catalog/products/create | Not Vulnerable | X-XSRF-TOKEN header used |
| GET |...

CVSS 8.2, AI score 6.6, EPSS 0.00143
Exploits 1, References 4, Affected Software 1

Akamai Blog
added 2025/08/13 10:20 a.m., 4 views

Agentic AI: How Autonomous Agents are Changing the Game

...

AI score 7
Exploits 0

Securelist
added 2025/08/13 8:0 a.m., 7 views

New trends in phishing and scams: how AI and social media are changing the game

Introduction Phishing and scams are dynamic types of online fraud that primarily target individuals, with cybercriminals constantly adapting their tactics to deceive people. Scammers invent new methods and improve old ones, adjusting them to fit current news, trends, and major world events:...

AI score 6.9
Exploits 0

Snyk
added 2025/06/30 5:40 p.m., 2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via improper enforcement of permissions in the playbook run participant management process. An attacker can gain unauthorized access to sensitive channel content and escalate privileges by adding or removing user...

CVSS 5.4, AI score 6.8, EPSS 0.00177
Exploits 0, References 2

RedhatCVE
added 2025/05/23 5:26 a.m., 7 views

CVE-2023-43508

Vulnerabilities in the web-based management interface of ClearPass Policy Manager allow an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. Successful exploitation of these vulnerabilities allows an attacker to complete...

CVSS 6.5, AI score 7.1, EPSS 0.00377
Exploits 0, References 1

RedhatCVE
added 2025/05/23 2:4 a.m., 9 views

CVE-2023-6689

A successful CSRF attack could force the user to perform state changing requests on the application. If the victim is an administrative account, a CSRF attack could compromise the entire web application...

CVSS 8.8, AI score 6.9, EPSS 0.00254
Exploits 0, References 1

RedhatCVE
added 2025/05/20 11:15 p.m., 12 views

CVE-2024-55893

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstrea...

CVSS 4.3, AI score 6.9, EPSS 0.00235
Exploits 0, References 1

RedhatCVE
added 2025/05/07 6:25 p.m., 9 views

CVE-2025-43848

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckptpath0 variable takes user input (e.g. a path to a model) and passes it to the change_info function in process_ckpt.py, which uses it to...

CVSS 9.8, AI score 7.8, EPSS 0.00766
Exploits 0, References 1

RedhatCVE
added 2025/05/07 5:28 p.m., 8 views

CVE-2025-43842

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to command injection. The variables exp_dir1, np7, trainset_dir4 and sr2 take user input and pass it to the preprocess_dataset function, which concatenates them into a...

CVSS 9.8, AI score 7.6, EPSS 0.02103
Exploits 0, References 1

NVD
added 2025/05/05 7:15 p.m., 12 views

CVE-2025-43849

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckpt_a and cpkt_b variables take user input (e.g. a path to a model) and pass it to the merge function in process_ckpt.py, which uses them...

CVSS 9.8, EPSS 0.00757
Exploits 0, References 5

CVE
added 2025/05/05 6:21 p.m., 60 views

CVE-2025-43851

The CVE-2025-43851 entry concerns Retrieval-based-Voice-Conversion-WebUI (RVC) with versions 2.2.231006 and earlier. The root cause is unsafe deserialization in Python code: user-controlled input (model_choose) is passed to the uvr function, which creates an AudioPre instance and uses torch.load ...

CVSS 9.8, AI score 7.4, EPSS 0.008
Exploits 0, References 4, Affected Software 1

CVE
added 2025/05/05 6:20 p.m., 52 views

CVE-2025-43850

The CVE affects Retrieval-based-Voice-Conversion-WebUI (RVC) versions 2.2.231006 and earlier. The root cause is unsafe deserialization: the ckpt_dir input is passed to export.py’s change_info function, which loads a model with torch.load, enabling remote code execution. Public documentation confi...

CVSS 9.8, AI score 7.4, EPSS 0.00757
Exploits 0, References 4, Affected Software 1

OSV
added 2025/05/05 6:20 p.m., 5 views

CVE-2025-43850 GHSL-2025-020_Retrieval-based-Voice-Conversion-WebUI

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckpt_dir variable takes user input (e.g. a path to a model) and passes it to the change_info function in export.py, which uses it to load the...

CVSS 9.3, AI score 8, EPSS 0.00757
Exploits 0, References 6

Cvelist
added 2025/05/05 6:20 p.m., 13 views

CVE-2025-43849 GHSL-2025-019_Retrieval-based-Voice-Conversion-WebUI

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckpt_a and cpkt_b variables take user input (e.g. a path to a model) and pass it to the merge function in process_ckpt.py, which uses them...

CVSS 9.3, EPSS 0.00757
Exploits 0, References 5

CVE
added 2025/05/05 6:20 p.m., 57 views

CVE-2025-43849

CVE-2025-43849 affects Retrieval-based-Voice-Conversion-WebUI (RVC-Project). Versions up to 2.2.231006 are vulnerable due to unsafe deserialization in process_ckpt.py: the ckpt_a and cpkt_b inputs are passed to the merge function, which uses torch.load on user-provided paths, enabling remote code...

CVSS 9.8, AI score 7.4, EPSS 0.00757
Exploits 0, References 5, Affected Software 1

NVD
added 2025/05/05 6:15 p.m., 12 views

CVE-2025-43845

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to code injection. The ckptpath2 variable takes user input (e.g. a path to a model) and passes it to the change_info function, which opens and reads the file on the given path...

CVSS 9.8, EPSS 0.00793
Exploits 0, References 4

OSV
added 2025/05/05 5:16 p.m., 5 views

CVE-2025-43846 GHSL-2025-016_Retrieval-based-Voice-Conversion-WebUI

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckptpath1 variable takes user input (e.g. a path to a model) and passes it to the showinfo function in process_ckpt.py, which uses it to loa...

CVSS 9.3, AI score 8.1, EPSS 0.00766
Exploits 0, References 6

CVE
added 2025/05/05 5:11 p.m., 55 views

CVE-2025-43844

CVE-2025-43844 affects Retrieval-based-Voice-Conversion-WebUI (VITS-based) with versions 2.2.231006 and earlier. The root cause is that input variables (e.g., exp_dir1) are passed into the click_train function and concatenated into a shell command executed on the server, enabling arbitrary comman...

CVSS 9.8, AI score 7.2, EPSS 0.02103
Exploits 0, References 5, Affected Software 1

CVE
added 2025/05/05 5:8 p.m., 63 views

CVE-2025-43842

The CVE-2025-43842 entry concerns Retrieval-based-Voice-Conversion-WebUI (VITS-based). Affected: versions 2.2.231006 and earlier. The root cause: user-provided inputs in variables exp_dir1, np7, trainset_dir4, and sr2 are fed into preprocess_dataset, concatenated into a server-side command, enabl...

CVSS 9.8, AI score 7.5, EPSS 0.02103
Exploits 0, References 4, Affected Software 1