43 matches found
EUVD-2020-3401
Malware in sbrugna...
EUVD-2021-13856
Malware in sbrugna...
EUVD-2021-0404
Malware in sbrugna...
EUVD-2023-45579
Malicious code in bioql PyPI...
EUVD-2022-38811
Malicious code in bioql PyPI...
PT-2025-30712 · Undefined · Undefined
⚠️ URGENT: Patch SUSE systems NOW! CVE-2025-02511 CVSS 9.1 in ImageMagick enables RCE via corrupted QOI images. Exploits in the wild likely. Read more: 👉https://t.co/TbZUbUVdBE https://t.co/LnRlPMyeuR...
PT-2025-29288 · Undefined · Undefined
⚠️ Breaking: SUSE warns of high-risk libssh flaw CVE-2025-02278. 🔓 Remote code execution possible—patch NOW! 🔗Read more: 👉 https://t.co/8HM7kXjQ63 InfoSec DevOps https://t.co/53LDWhdn1b...
CVE-2025-49581
XWiki is a generic wiki platform. Any user with edit right on a page could be the user's profile can execute code Groovy, Python, Velocity with programming right by defining a wiki macro. This allows full access to the whole XWiki installation. The main problem is that if a wiki macro parameter...
CVE-2024-50389
A SQL injection vulnerability has been reported to affect QuRouter. If exploited, the vulnerability could allow remote attackers to inject malicious code. We have already fixed the vulnerability in the following version: QuRouter 2.4.5.032 and later...
CVE-2021-32706
Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statistics. Prior to Pi-hole Web interface version 5.5.1, the validDomainWildcard pregmatch filter allows a malicious character through that can be used to execute code, list directories, and...
PT-2025-22059
Name of the Vulnerable Software and Affected Versions RUGGEDCOM ROX MX5000 versions prior to V2.17.1 RUGGEDCOM ROX MX5000RE versions prior to V2.17.1 RUGGEDCOM ROX RX1400 versions prior to V2.17.1 RUGGEDCOM ROX RX1500 versions prior to V2.17.1 RUGGEDCOM ROX RX1501 versions prior to V2.17.1...
PT-2025-21777
Name of the Vulnerable Software and Affected Versions: The Echo RSS Feed Post Generator plugin for WordPress versions up to, and including, 5.4.8.1 Description: The issue is related to arbitrary file uploads due to missing file type validation in the echo generate featured image function. This...
CVE-2025-46836
net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. Inn versions up to and including 2.10, the Linux network utilities like ifconfig from the net-tools package do not properly validate the structure of /proc files when...
PT-2025-21915 · V-Sft · V-Sft
Name of the Vulnerable Software and Affected Versions: V-SFT versions 6.2.5.0 and earlier Description: The issue is related to an out-of-bounds write in the VS6MemInIF!set temp type default function. Opening specially crafted V7 or V8 files may lead to a crash, information disclosure, and arbitra...
PT-2025-19766 · Unknown · Retrieval-Based-Voice-Conversion-Webui
Name of the Vulnerable Software and Affected Versions: Retrieval-based-Voice-Conversion-WebUI versions 2.2.231006 and prior Description: Retrieval-based-Voice-Conversion-WebUI, a voice changing framework based on VITS, is susceptible to unsafe deserialization. The model choose variable accepts...
PT-2025-17670
Name of the Vulnerable Software and Affected Versions: fig2dev version 3.2.9a Description: The issue allows an attacker possible code execution via local input manipulation through the read objects function. Recommendations: For fig2dev version 3.2.9a, consider restricting access to the read...
CVE-2025-20654
In wlan service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00406897; Issue ID: MSV-2875...
CVE-2025-27779
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in modelblender.py lines 20 and 21. modelfusiona and modelfusionb from voiceblender.py take user-supplied input e.g. a path to a model and pass that value to the runmodelblenderscript and...
CVE-2025-27780
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in modelinformation.py. modelname in modelinformation.py takes user-supplied input e.g. a path to a model and pass that value to the runmodelinformationscript and later to modelinformation...
CVE-2025-27781 Applio allows unsafe deserialization in inference.py
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in inference.py. modelfile in inference.py as well as modelfile in tts.py take user-supplied input e.g. a path to a model and pass that value to the changechoices and later to getspeakersid...