77 matches found
EUVD-2026-34187
A security flaw has been discovered in gradio-app gradio 6.14.0. This affects the function saveaudiotocache of the component Audio Cache Key Handler. Performing a manipulation results in use of weak hash. The attack must be initiated from a local position. The attack is considered to have high...
CVE-2026-10783
A security flaw has been discovered in gradio-app gradio 6.14.0. This affects the function saveaudiotocache of the component Audio Cache Key Handler. Performing a manipulation results in use of weak hash. The attack must be initiated from a local position. The attack is considered to have high...
CVE-2026-10783
CVE-2026-10783 – gradio-app gradio 6.14.0 : The flaw affects the Audio Cache Key Handler’s save_audio_to_cache function. Manipulation can trigger the use of a weak hash. Exploitation requires local access and is deemed high complexity; an in-the-wild exploit has been released to the public. Patch...
CVE-2026-10783 gradio-app gradio Audio Cache Key save_audio_to_cache weak hash
A security flaw has been discovered in gradio-app gradio 6.14.0. This affects the function saveaudiotocache of the component Audio Cache Key Handler. Performing a manipulation results in use of weak hash. The attack must be initiated from a local position. The attack is considered to have high...
PT-2026-46072
A security flaw has been discovered in gradio-app gradio 6.14.0. This affects the function save audio to cache of the component Audio Cache Key Handler. Performing a manipulation results in use of weak hash. The attack must be initiated from a local position. The attack is considered to have high...
EUVD-2025-6925
Malicious code in bioql PyPI...
EUVD-2024-1039
Malicious code in bioql PyPI...
EUVD-2025-7101
Malicious code in bioql PyPI...
EUVD-2025-7028
Malicious code in bioql PyPI...
EUVD-2025-6820
Malicious code in bioql PyPI...
EUVD-2024-32805
Malicious code in bioql PyPI...
EUVD-2023-0090
Malicious code in bioql PyPI...
EUVD-2024-2050
Malicious code in bioql PyPI...
CVE-2025-5320 gradio-app gradio CORS is_valid_origin privilege escalation
A vulnerability classified as problematic has been found in gradio-app gradio up to 5.29.1. This affects the function isvalidorigin of the component CORS Handler. The manipulation of the argument localhostaliases leads to erweiterte Rechte. It is possible to initiate the attack remotely. The...
CVE-2025-5320 gradio-app gradio CORS is_valid_origin privilege escalation
A vulnerability classified as problematic has been found in gradio-app gradio up to 5.29.1. This affects the function isvalidorigin of the component CORS Handler. The manipulation of the argument localhostaliases leads to erweiterte Rechte. It is possible to initiate the attack remotely. The...
CVE-2025-5320
CVE-2025-5320 affects gradio-app/gradio up to version 5.29.1. The vulnerability lies in the CORS Handler’s is_valid_origin function, where manipulating the localhost_aliases argument can lead to an origin validation error and potential privilege escalation. Exploitation is described as remote wit...
CVE-2024-1729
A timing attack vulnerability exists in the gradio-app/gradio repository, specifically within the login function in routes.py. The vulnerability arises from the use of a direct comparison operation app.authusername == password to validate user credentials, which can be exploited to guess password...
CVE-2023-6572
Command Injection in GitHub repository gradio-app/gradio prior to main...
CVE-2024-12217
A vulnerability in the gradio-app/gradio repository, version git 67e4044, allows for path traversal on Windows OS. The implementation of the blockedpath functionality, which is intended to disallow users from reading certain files, is flawed. Specifically, while the application correctly blocks...
CVE-2024-12759
In bentoml/bentoml version 1.3.9, the /login endpoint of the newly integrated Gradio app is vulnerable to a Denial of Service DoS attack. This vulnerability can be exploited by appending characters, such as dashes -, to the end of a multipart boundary in an HTTP request. The server continuously...