Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

295 matches found

Vulnrichment
Vulnrichmentadded 2025/08/07 10:46 p.m.3 views

CVE-2025-30404

An integer overflow vulnerability in the loading of ExecuTorch models can cause overlapping allocations, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit d158236b1dc84539c1b16843bc74054c9dcba006...

7.8AI score0.00571EPSS
Exploits0References2
CNNVD
CNNVDadded 2025/08/07 12:0 a.m.3 views

executorch 安全漏洞

executorch is an open source PyTorch deployment tool for PyTorch by pytorch. A security vulnerability exists in executorch that stems from multiple buffer overflows when loading a model, which could lead to a crash or code execution...

9.8CVSS7.5AI score0.0064EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2025/08/07 12:0 a.m.3 views

PT-2025-32322 · Unknown · Executorch

Name of the Vulnerable Software and Affected Versions: ExecuTorch versions prior to commit fb03b6f85596a8f954d97929075335255b6a58d4 Description: An out-of-bounds access issue in the loading of ExecuTorch models can cause the runtime to crash, potentially leading to code execution or other...

9.8CVSS7.7AI score0.00571EPSS
Exploits0References13
CNNVD
CNNVDadded 2025/08/07 12:0 a.m.4 views

executorch 安全漏洞

executorch is a PyTorch deployment tool from pytorch open source. A security vulnerability exists in executorch that stems from out-of-bounds access when loading a model, which could lead to a crash or code execution...

9.8CVSS7.3AI score0.00571EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2025/08/07 12:0 a.m.4 views

PT-2025-32324 · Unknown · Executorch

Name of the Vulnerable Software and Affected Versions: ExecuTorch versions prior to commit 8f062d3f661e20bb19b24b767b9a9a46e8359f2b Description: An integer overflow in the loading of ExecuTorch models can lead to the allocation of smaller-than-expected memory regions. This can potentially result ...

9.8CVSS7.1AI score0.00571EPSS
Exploits0References12
CNNVD
CNNVDadded 2025/08/07 12:0 a.m.3 views

executorch 安全漏洞

executorch is an open source PyTorch deployment tool for PyTorch by pytorch. A security vulnerability exists in executorch that stems from a heap buffer overflow when loading a model, which could lead to code execution...

9.8CVSS7.6AI score0.0064EPSS
Exploits0References3
Veracode
Veracodeadded 2025/08/05 1:40 p.m.3 views

Arbitrary Code Execution

skops is vulnerable to Arbitrary Code Execution. The vulnerability is due to exploitation of the MethodNode class, which allows unexpected attribute access via dot notation during model loading...

8.7CVSS6.2AI score0.00132EPSS
Exploits0References8Affected Software1
RedhatCVE
RedhatCVEadded 2025/07/17 9:1 p.m.14 views

CVE-2025-49838

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in vr.py AudioPreDeEcho. The modelchoose variable takes user input e.g. a path to a model and passes it to the uvr function. In uvr, a new instance o...

9.8CVSS7.2AI score0.00661EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2025/07/17 9:1 p.m.15 views

CVE-2025-49837

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in vr.py AudioPre. The modelchoose variable takes user input e.g. a path to a model and passes it to the uvr function. In uvr, a new instance of...

9.8CVSS7.2AI score0.00661EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2025/07/17 9:1 p.m.18 views

CVE-2025-49839

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in bsroformer.py. The modelchoose variable takes user input e.g. a path to a model and passes it to the uvr function. In uvr, a new instance of...

9.8CVSS7.2AI score0.00661EPSS
Exploits1References1
Packet Storm
Packet Stormadded 2025/07/16 12:0 a.m.127 views

📄 Keras 2.15 Remote Code Execution

This exploit abuses insecure deserialization in Keras model loading. By embedding a malicious "function" object inside a .keras file or config.json, an attacker can execute arbitrary system commands as soon as the model is loaded using keras.models.loadmodel or modelfromjson. This proof of concep...

9.8CVSS8AI score0.02803EPSS
Exploits3
NVD
NVDadded 2025/07/15 9:15 p.m.10 views

CVE-2025-49839

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in bsroformer.py. The modelchoose variable takes user input e.g. a path to a model and passes it to the uvr function. In uvr, a new instance of...

9.8CVSS0.00661EPSS
Exploits1References5
NVD
NVDadded 2025/07/15 9:15 p.m.4 views

CVE-2025-49838

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in vr.py AudioPreDeEcho. The modelchoose variable takes user input e.g. a path to a model and passes it to the uvr function. In uvr, a new instance o...

9.8CVSS0.00661EPSS
Exploits1References5
Vulnrichment
Vulnrichmentadded 2025/07/15 8:43 p.m.6 views

CVE-2025-49841 GHSL-2025-053: GPT-SoVITS Deserialization of Untrusted Data vulnerability

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in processckpt.py. The SoVITSdropdown variable takes user input and passes it to the loadsovitsnew function in processckpt.py. In loadsovitsnew, the...

9.3CVSS7.1AI score0.00639EPSS
Exploits1References4
OSV
OSVadded 2025/07/15 8:42 p.m.4 views

CVE-2025-49840 GHSL-2025-052: GPT-SoVITS Deserialization of Untrusted Data vulnerability

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in inferencewebui.py. The GPTdropdown variable takes user input and passes it to the changegptweights function. In changegptweights, the user input,...

9.3CVSS6.9AI score0.00639EPSS
Exploits1References6
Cvelist
Cvelistadded 2025/07/15 8:42 p.m.6 views

CVE-2025-49840 GHSL-2025-052: GPT-SoVITS Deserialization of Untrusted Data vulnerability

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in inferencewebui.py. The GPTdropdown variable takes user input and passes it to the changegptweights function. In changegptweights, the user input,...

9.3CVSS0.00639EPSS
Exploits1References4
CVE
CVEadded 2025/07/15 8:42 p.m.21 views

CVE-2025-49840

GPT-SoVITS-WebUI is affected by an unsafe deserialization vulnerability in the component inference_webui.py . In versions 20250228v3 and earlier, the GPT_dropdown input is passed to the function change_gpt_weights , where user input (gpt_path) is used with torch.load , causing unsafe deserializat...

9.8CVSS6.5AI score0.00639EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichmentadded 2025/07/15 8:42 p.m.4 views

CVE-2025-49840 GHSL-2025-052: GPT-SoVITS Deserialization of Untrusted Data vulnerability

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in inferencewebui.py. The GPTdropdown variable takes user input and passes it to the changegptweights function. In changegptweights, the user input,...

9.3CVSS6.5AI score0.00639EPSS
Exploits1References4
CVE
CVEadded 2025/07/15 8:40 p.m.22 views

CVE-2025-49839

GPT-SoVITS-WebUI contains an unsafe deserialization vulnerability in bsroformer.py (versions 20250228v3 and prior). User-controlled input (model_path) is used to instantiate Roformer_Loader, which appends .ckpt and passes the path to torch.load, enabling unsafe deserialization. At publication, no...

9.8CVSS6.5AI score0.00661EPSS
Exploits1References5Affected Software1
Cvelist
Cvelistadded 2025/07/15 8:36 p.m.5 views

CVE-2025-49838 GHSL-2025-050: GPT-SoVITS Deserialization of Untrusted Data vulnerability

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in vr.py AudioPreDeEcho. The modelchoose variable takes user input e.g. a path to a model and passes it to the uvr function. In uvr, a new instance o...

9.3CVSS0.00661EPSS
Exploits1References5
Rows per page
Query Builder