Lucene search
K

21 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-13510

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00772EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-13501

Malicious code in bioql PyPI...

9.8CVSS6.5AI score0.00762EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-13513

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.02259EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-6793

Malicious code in bioql PyPI...

9.8CVSS6.5AI score0.00995EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 7:42 a.m.10 views

CVE-2024-37145

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the /api/v1/chatflows-streaming/id endpoint. If the default configuration is used unauthenticated, an attacker may be able...

6.1CVSS6.2AI score0.00459EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/07 5:28 p.m.9 views

CVE-2025-43847

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckptpath2 variable takes user input e.g. a path to a model and passes it to the extractsmallmodel function in processckpt.py, which uses ...

9.8CVSS7.8AI score0.00772EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/07 5:28 p.m.9 views

CVE-2025-43842

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to command injection. The variables expdir1, np7, trainsetdir4 and sr2 take user input and pass it to the preprocessdataset function, which concatenates them into a...

9.8CVSS7.6AI score0.02103EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/05 5:21 p.m.14 views

CVE-2025-43847 GHSL-2025-017_Retrieval-based-Voice-Conversion-WebUI

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckptpath2 variable takes user input e.g. a path to a model and passes it to the extractsmallmodel function in processckpt.py, which uses ...

9.3CVSS0.00772EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/05/05 5:21 p.m.7 views

CVE-2025-43847 GHSL-2025-017_Retrieval-based-Voice-Conversion-WebUI

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckptpath2 variable takes user input e.g. a path to a model and passes it to the extractsmallmodel function in processckpt.py, which uses ...

9.3CVSS7.4AI score0.00772EPSS
Exploits0References4
NVD
NVD
added 2025/05/05 5:18 p.m.13 views

CVE-2025-43842

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to command injection. The variables expdir1, np7, trainsetdir4 and sr2 take user input and pass it to the preprocessdataset function, which concatenates them into a...

9.8CVSS0.02103EPSS
Exploits0References4
CVE
CVE
added 2025/05/05 5:15 p.m.55 views

CVE-2025-43845

CVE-2025-43845 affects Retrieval-based-Voice-Conversion-WebUI (RVC-Project) up to version 2.2.231006. The root cause is a vulnerable ckpt_path2 handling: user input is passed to change_info_ which opens the path (altering to train.log) and feeds file contents to eval, enabling remote code executi...

9.8CVSS7.6AI score0.00799EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2025/05/05 5:11 p.m.13 views

CVE-2025-43844 GHSL-2025-014_Retrieval-based-Voice-Conversion-WebUI

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to command injection. The variables expdir1, among others, take user input and pass it to the clicktrain function, which concatenates them into a command that is run on...

9.3CVSS0.02103EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/05/05 5:9 p.m.25 views

CVE-2025-43843 GHSL-2025-013_Retrieval-based-Voice-Conversion-WebUI

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to command injection. The variables expdir1, np7 and f0method8 take user input and pass it into the extractf0feature function, which concatenates them into a command th...

9.3CVSS0.02259EPSS
Exploits0References7
CVE
CVE
added 2025/05/05 5:8 p.m.65 views

CVE-2025-43842

The CVE-2025-43842 entry concerns Retrieval-based-Voice-Conversion-WebUI (VITS-based). Affected: versions 2.2.231006 and earlier. The root cause: user-provided inputs in variables exp_dir1, np7, trainset_dir4, and sr2 are fed into preprocess_dataset, concatenated into a server-side command, enabl...

9.8CVSS7.5AI score0.02103EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2025/03/19 9:15 p.m.11 views

CVE-2025-27775

Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery SSRF and file write in modeldownload.py line 143 in 3.2.7. The blind SSRF allows for sending requests on behalf of Applio server and can be leveraged to probe for other vulnerabilities on the...

9.3CVSS0.00531EPSS
Exploits0References5
NVD
NVD
added 2025/03/19 9:15 p.m.14 views

CVE-2025-27777

Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery SSRF in modeldownload.py line 195 in 3.2.7. The blind SSRF allows for sending requests on behalf of Applio server and can be leveraged to probe for other vulnerabilities on the server itself ...

8.7CVSS0.00394EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/08/05 9:29 p.m.25 views

Flowise Path Injection at /api/v1/openai-assistants-file

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, the /api/v1/openai-assistants-file endpoint in index.ts is vulnerable to arbitrary file read due to lack of sanitization of the fileName body parameter. No known patches for this...

7.5CVSS6.7AI score0.01761EPSS
Exploits3References4Affected Software1
CVE
CVE
added 2024/07/01 3:53 p.m.103 views

CVE-2024-36420

Flowise CVE-2024-36420 affects Flowise v1.4.3, where the /api/v1/openai-assistants-file endpoint in index.ts is vulnerable to arbitrary file read due to insufficient sanitization of the fileName body parameter. The issue enables reading arbitrary files on the server and is documented across multi...

7.5CVSS7.4AI score0.01761EPSS
Exploits3References2Affected Software1
OSV
OSV
added 2023/02/21 12:30 a.m.18 views

GHSA-G9PH-R9HC-34R8 Erxes vulnerable to Cross-site Scripting

Erxes, an experience operating system XOS with a set of plugins, is vulnerable to cross-site scripting in all versions. This results in client-side code execution. The victim must follow a malicious link or be redirected there from malicious web site. There are no known patches...

6.1CVSS7.4AI score0.03125EPSS
Exploits1References5
Cvelist
Cvelist
added 2023/02/20 12:0 a.m.15 views

CVE-2021-32858 esdoc-publish-html-plugin vulnerable to Cross-site Scripting

esdoc-publish-html-plugin is a plugin for the document maintenance software ESDoc. TheHTML sanitizer in esdoc-publish-html-plugin 1.1.2 and prior can be bypassed which may lead to cross-site scripting XSS issues. There are no known patches for this issue...

6.1CVSS6.2AI score0.00553EPSS
Exploits1References2
Rows per page
Query Builder