17 matches found
EUVD-2025-13502
Malicious code in bioql PyPI...
EUVD-2025-13509
Malicious code in bioql PyPI...
CVE-2025-43851
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The modelchoose variable takes user input e.g. a path to a model and passes it to the uvr function in vr.py. In uvr, a new instance of...
CVE-2025-43847
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckpt_path2 variable takes user input e.g. a path to a model and passes it to the extract_small_model function in process_ckpt.py, which uses ...
CVE-2025-43852 GHSL-2025-022_Retrieval-based-Voice-Conversion-WebUI
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The modelchoose variable takes user input e.g. a path to a model and passes it to the uvr function in vr.py. In uvr, if modelname contains t...
CVE-2025-43851 GHSL-2025-021_Retrieval-based-Voice-Conversion-WebUI
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The modelchoose variable takes user input e.g. a path to a model and passes it to the uvr function in vr.py. In uvr, a new instance...
CVE-2025-43850 GHSL-2025-020_Retrieval-based-Voice-Conversion-WebUI
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckptdir variable takes user input e.g. a path to a model and passes it to the changeinfo function in export.py, which uses it to load the...
CVE-2025-43849 GHSL-2025-019_Retrieval-based-Voice-Conversion-WebUI
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckpta and cpktb variables take user input e.g. a path to a model and pass it to the merge function in process_ckpt.py, which uses them...
CVE-2025-43849 GHSL-2025-019_Retrieval-based-Voice-Conversion-WebUI
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckpta and cpktb variables take user input e.g. a path to a model and pass it to the merge function in process_ckpt.py, which uses them...
CVE-2025-43848
CVE-2025-43848 affects Retrieval-based-Voice-Conversion-WebUI (RVC-Project) up to version 2.2.231006. The flaw is unsafe deserialization in process_ckpt.py: ckpt_path0 accepts user input (e.g., a model path) and passes it to torch.load via change_info, enabling remote code execution. At publicati...
CVE-2025-43847
CVE-2025-43847 affects Retrieval-based-Voice-Conversion-WebUI (RVC) up to version 2.2.231006. The flaw is unsafe deserialization via the ckpt_path2 input passed to process_ckpt.py’s extract_small_model, which uses torch.load to load a model from a user-supplied path. This leads to remote code exe...
CVE-2025-43846 GHSL-2025-016_Retrieval-based-Voice-Conversion-WebUI
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckptpath1 variable takes user input e.g. a path to a model and passes it to the showinfo function in process_ckpt.py, which uses it to loa...
CVE-2025-43845 GHSL-2025-015_Retrieval-based-Voice-Conversion-WebUI
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to code injection. The ckptpath2 variable takes user input e.g. a path to a model and passes it to changeinfo function, which opens and reads the file on the given path...
CVE-2025-43845
CVE-2025-43845 affects Retrieval-based-Voice-Conversion-WebUI (RVC-Project) up to version 2.2.231006. The root cause is a vulnerable ckpt_path2 handling: user input is passed to change_info_ which opens the path (altering to train.log) and feeds file contents to eval, enabling remote code executi...
CVE-2025-43843 GHSL-2025-013_Retrieval-based-Voice-Conversion-WebUI
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to command injection. The variables expdir1, np7 and f0method8 take user input and pass it into the extractf0feature function, which concatenates them into a command th...
PT-2025-19759
Name of the Vulnerable Software and Affected Versions: Retrieval-based-Voice-Conversion-WebUI versions 2.2.231006 and prior Description: Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. The ckpt_path0 variable takes user input, such as a path to a model, and...
Design/Logic Flaw
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9645, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SDM630, SDM636, SDM660, and...