14 matches found
CVE-2026-43624
F5-TTS through version 1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized user-supplied project names directly to os.path.join without validating the resulting path stays within the...
EUVD-2026-33744
F5-TTS through version 1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized user-supplied project names directly to os.path.join without validating the resulting path stays within the...
CVE-2026-43624
F5-TTS up to v1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized project names to os.path.join() without validating the resulting path. An attacker can supply absolute paths (e.g., /t...
CVE-2026-43624 F5-TTS 1.1.20 Path Traversal via finetune_gradio.py create_data_project()
F5-TTS through version 1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized user-supplied project names directly to os.path.join without validating the resulting path stays within the...
CVE-2026-43624
F5-TTS through version 1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized user-supplied project names directly to os.path.join without validating the resulting path stays within the...
EUVD-2024-0113
Malicious code in bioql PyPI...
Deserialization Of Untrusted Data
MindsDB is vulnerable to Deserialization of Untrusted Data. The vulnerability is caused due to improper deserialization of untrusted pickle data in the finetune method within byomhandler.py, which allows the execution of arbitrary code on the server during the 'finetune' process...
GHSA-FR9Q-RGWQ-G5R5 MindsDB Deserialization of Untrusted Data vulnerability
Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when using ‘finetune’ on it...
MindsDB Deserialization of Untrusted Data vulnerability
Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when using ‘finetune’ on it...
PYSEC-2024-85
Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when using ‘finetune’ on it...
PYSEC-2024-85
Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when using ‘finetune’ on it...
CVE-2024-45855
CVE-2024-45855 affects MindsDB platform (versions 23.10.2.0 and newer) where deserialization of untrusted data during the finetune process can allow a maliciously uploaded model to execute arbitrary code on the server. The issue is documented across multiple feeds (NVD, Red Hat, GHSA, OSV) with c...
PT-2024-31812 · Mindsdb · Mindsdb
Name of the Vulnerable Software and Affected Versions: MindsDB versions 23.10.2.0 and newer Description: The issue concerns the deserialization of untrusted data in the MindsDB platform. This allows a maliciously uploaded 'inhouse' model to run arbitrary code on the server when using 'finetune' o...
PT-2024-24365 · Kohya Ss · Kohya Ss
Name of the Vulnerable Software and Affected Versions: Kohya_ss versions 22.6.1 through 23.1.4 Description: Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. The issue is related to command injection in the finetune_gui.py file. This vulnerability is fixed in version 23.1.5. Recommendation...