49 matches found
adpred (=1.3.2), bacpipe (>=1.2.0 <=1.3.2.dev0) +18 more potentially affected by CVE-2026-0897 via keras (>=3.0.0 <=3.13.0)
keras PYPI version =3.0.0, =1.2.0, =0.1.0, =0.0.4, =0.4.7, =1.0.3, =0.0.28, =0.2.0, =2.4.0, =3.14.3, =0.1.0, =0.1.1, =0.1.6 and more Source cves: CVE-2026-0897 Source advisory: OSV:PYSEC-2026-73...
EUVD-2021-0221
Malware in sbrugna...
EUVD-2021-29524
Malicious code in bioql PyPI...
EUVD-2025-0064
Malicious code in bioql PyPI...
EUVD-2025-11897
Malicious code in bioql PyPI...
CVE-2024-49375
Open source machine learning framework. A vulnerability has been identified in Rasa that enables an attacker who has the ability to load a maliciously crafted model remotely into a Rasa instance to achieve Remote Code Execution. The prerequisites for this are: 1. The HTTP API must be enabled on t...
CVE-2021-41127
Rasa is an open source machine learning framework to automate text- and voice-based conversations. In affected versions a vulnerability exists in the functionality that loads a trained model tar.gz file which allows a malicious actor to craft a model.tar.gz file which can overwrite or replace bot...
CVE-2021-42556
Rasa X before 0.42.4 allows Directory Traversal during archive extraction. In the functionality that allows a user to load a trained model archive, an attacker has arbitrary write capability within specific directories via a crafted archive file...
CVE-2025-32377
Rasa Pro is a framework for building scalable, dynamic conversational AI assistants that integrate large language models (LLMs). A vulnerability has been identified in Rasa Pro where voice connectors in Rasa Pro do not properly implement authentication even when a token is configured in the...
CVE-2025-32377 Rasa Pro Missing Authentication For Voice Connector APIs
Rasa Pro is a framework for building scalable, dynamic conversational AI assistants that integrate large language models (LLMs). A vulnerability has been identified in Rasa Pro where voice connectors in Rasa Pro do not properly implement authentication even when a token is configured in the...
CVE-2025-32377
CVE-2025-32377 involves Rasa Pro voice connectors that fail to enforce authentication even when a token is configured in credentials.yml. The issue allows submitting voice data from unauthenticated sources via affected connectors. The fixed releases apply to audiocodes, audiocodes_stream, and gen...
Rasa Pro Access Control Error Vulnerability
Rasa Pro is a specialized code component of Rasa Platform, an enterprise solution from Rasa, for implementing resilient and trusted AI assistants at scale. An access control error vulnerability exists in Rasa Pro that stems from the voice connector not properly implementing authentication, which...
Rasa Pro Missing Authentication For Voice Connector APIs
Vulnerability: A vulnerability has been identified in Rasa Pro where voice connectors in Rasa Pro do not properly implement authentication even when a token is configured in the credentials.yml file. This could allow an attacker to submit voice data to the Rasa Pro assistant from an unauthenticate...
GHSA-7XQ5-54JP-2MFG Rasa Pro Missing Authentication For Voice Connector APIs
Vulnerability: A vulnerability has been identified in Rasa Pro where voice connectors in Rasa Pro do not properly implement authentication even when a token is configured in the credentials.yml file. This could allow an attacker to submit voice data to the Rasa Pro assistant from an unauthenticate...
PT-2025-17344 · Rasa · Rasa Pro
Name of the Vulnerable Software and Affected Versions: Rasa Pro versions prior to 3.9.20; Rasa Pro versions prior to 3.10.19; Rasa Pro versions prior to 3.11.7; Rasa Pro versions prior to 3.12.6. Description: A vulnerability has been identified in Rasa Pro where voice connectors do not properly...
Remote Code Execution (RCE)
Rasa is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper handling of maliciously crafted models in Rasa, which allows an attacker to load a model remotely into a Rasa instance if certain security configurations are not in place...