Lucene search
K

52 matches found

NVD
NVD
added 2025/05/05 7:15 p.m.12 views

CVE-2025-43850

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckptdir variable takes user input e.g. a path to a model and passes it to the changeinfo function in export.py, which uses it to load the...

9.8CVSS0.00762EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/05/05 6:20 p.m.15 views

CVE-2025-43850 GHSL-2025-020_Retrieval-based-Voice-Conversion-WebUI

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckptdir variable takes user input e.g. a path to a model and passes it to the changeinfo function in export.py, which uses it to load the...

9.3CVSS0.00762EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/05/05 6:20 p.m.8 views

CVE-2025-43849 GHSL-2025-019_Retrieval-based-Voice-Conversion-WebUI

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckpta and cpktb variables take user input e.g. a path to a model and pass it to the merge function in processckpt.py, which uses them...

9.3CVSS7.4AI score0.00762EPSS
Exploits0References5
OSV
OSV
added 2025/05/05 6:20 p.m.5 views

CVE-2025-43849 GHSL-2025-019_Retrieval-based-Voice-Conversion-WebUI

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckpta and cpktb variables take user input e.g. a path to a model and pass it to the merge function in processckpt.py, which uses them...

9.3CVSS8AI score0.00762EPSS
Exploits0References7
NVD
NVD
added 2025/05/05 6:15 p.m.14 views

CVE-2025-43846

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckptpath1 variable takes user input e.g. a path to a model and passes it to the showinfo function in processckpt.py, which uses it to loa...

9.8CVSS0.00772EPSS
Exploits0References4
CVE
CVE
added 2025/05/05 5:54 p.m.55 views

CVE-2025-43848

CVE-2025-43848 affects Retrieval-based-Voice-Conversion-WebUI (RVC-Project) up to version 2.2.231006. The flaw is unsafe deserialization in process_ckpt.py: ckpt_path0 accepts user input (e.g., a model path) and passes it to torch.load via change_info, enabling remote code execution. At publicati...

9.8CVSS7.4AI score0.00772EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/05/05 5:16 p.m.5 views

CVE-2025-43846 GHSL-2025-016_Retrieval-based-Voice-Conversion-WebUI

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckptpath1 variable takes user input e.g. a path to a model and passes it to the showinfo function in processckpt.py, which uses it to loa...

9.3CVSS8.1AI score0.00772EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/05/05 12:0 a.m.6 views

PT-2025-19766 · Unknown · Retrieval-Based-Voice-Conversion-Webui

Name of the Vulnerable Software and Affected Versions: Retrieval-based-Voice-Conversion-WebUI versions 2.2.231006 and prior Description: Retrieval-based-Voice-Conversion-WebUI, a voice changing framework based on VITS, is susceptible to unsafe deserialization. The model choose variable accepts...

9.8CVSS6.8AI score0.00806EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2025/05/05 12:0 a.m.4 views

PT-2025-19750 · Vits +2 · Vits +2

Name of the Vulnerable Software and Affected Versions: Retrieval-based-Voice-Conversion-WebUI versions 2.2.231006 and prior Description: The issue concerns unsafe deserialization in the Retrieval-based-Voice-Conversion-WebUI voice changing framework, which is based on VITS. The ckpt path2 variabl...

9.8CVSS7.2AI score0.00772EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2025/03/21 10:26 p.m.8 views

CVE-2025-27779

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in modelblender.py lines 20 and 21. modelfusiona and modelfusionb from voiceblender.py take user-supplied input e.g. a path to a model and pass that value to the runmodelblenderscript and...

9.8CVSS8.1AI score0.00845EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/03/20 12:32 p.m.11 views

AgentScope Deserialization Vulnerability

A vulnerability in the RpcAgentServerLauncher class of modelscope/agentscope v0.0.6a3 allows for remote code execution RCE via deserialization of untrusted data using the dill library. The issue occurs in the AgentServerServicer.createagent method, where serialized input is deserialized using...

9.8CVSS8.5AI score0.01631EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2025/03/19 9:15 p.m.36 views

CVE-2025-27778

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in infer.py. The issue can lead to remote code execution. As of time of publication, a fix is available on the main branch of the Applio repository but not attached to a numbered release...

9.8CVSS0.00896EPSS
Exploits0References6
NVD
NVD
added 2025/03/19 9:15 p.m.7 views

CVE-2025-27780

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in modelinformation.py. modelname in modelinformation.py takes user-supplied input e.g. a path to a model and pass that value to the runmodelinformationscript and later to modelinformation...

9.8CVSS0.00845EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/03/19 8:42 p.m.9 views

CVE-2025-27778 Applio allows unsafe deserialization in infer.py

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in infer.py. The issue can lead to remote code execution. As of time of publication, a fix is available on the main branch of the Applio repository but not attached to a numbered release...

9.3CVSS7.4AI score0.00896EPSS
Exploits0References6
CVE
CVE
added 2025/03/19 8:22 p.m.63 views

CVE-2025-27781

Applio is affected by CVE-2025-27781 through unsafe deserialization in the inference.py module (and related tts.py input handling). Versions 3.2.8-bugfix and prior are vulnerable because user-supplied model_file values are passed to change_choices/get_speakers_id, which loads models with torch.lo...

9.8CVSS7.4AI score0.00845EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/19 8:22 p.m.8 views

CVE-2025-27781 Applio allows unsafe deserialization in inference.py

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in inference.py. modelfile in inference.py as well as modelfile in tts.py take user-supplied input e.g. a path to a model and pass that value to the changechoices and later to getspeakersid...

9.3CVSS7.5AI score0.00845EPSS
Exploits0References5
OSV
OSV
added 2025/03/19 8:22 p.m.6 views

CVE-2025-27781 Applio allows unsafe deserialization in inference.py

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in inference.py. modelfile in inference.py as well as modelfile in tts.py take user-supplied input e.g. a path to a model and pass that value to the changechoices and later to getspeakersid...

9.3CVSS8AI score0.00845EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/03/19 8:16 p.m.13 views

CVE-2025-27780 Applio allows unsafe deserialization in model_information.py

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in modelinformation.py. modelname in modelinformation.py takes user-supplied input e.g. a path to a model and pass that value to the runmodelinformationscript and later to modelinformation...

9.3CVSS0.00845EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2023-37895

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMIVersions up to including...

9.8CVSS8.9AI score0.02657EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2025/02/18 7:8 p.m.488 views

Exploit for Deserialization of Untrusted Data in Ibm Sterling_B2B_Integrator

IBM Sterling B2B Integrator PoC Proof of concept code for the...

8.8CVSS7.5AI score0.00968EPSS
Exploits1
Rows per page
Query Builder