26 matches found
CVE-2020-37085
VirtualTablet Server 3.0.2 contains a denial of service vulnerability that allows attackers to crash the service by sending oversized string payloads through the Thrift protocol. Attackers can exploit the vulnerability by sending a long string to the sendsay method, causing the server to become...
CVE-2020-37085 VirtualTablet Server 3.0.2 - Denial of Service (PoC)
VirtualTablet Server 3.0.2 contains a denial of service vulnerability that allows attackers to crash the service by sending oversized string payloads through the Thrift protocol. Attackers can exploit the vulnerability by sending a long string to the sendsay method, causing the server to become...
CVE-2020-37085 VirtualTablet Server 3.0.2 - Denial of Service (PoC)
VirtualTablet Server 3.0.2 contains a denial of service vulnerability that allows attackers to crash the service by sending oversized string payloads through the Thrift protocol. Attackers can exploit the vulnerability by sending a long string to the sendsay method, causing the server to become...
PT-2026-5835
VirtualTablet Server 3.0.2 contains a denial of service vulnerability that allows attackers to crash the service by sending oversized string payloads through the Thrift protocol. Attackers can exploit the vulnerability by sending a long string to the send say method, causing the server to become...
SunnySideSoft VirtualTablet Server Security Vulnerability
SunnySideSoft VirtualTablet Server is a drawing board software developed by SunnySideSoft Corporation. Version 3.0.2 of SunnySideSoft VirtualTablet Server contains a security vulnerability. This vulnerability arises from a denial-of-service vulnerability in the sendsay method when sending long...
Malicious code in say-hello-test (npm)
The package say-hello-test was found to contain malicious code...
MAL-2025-32744 Malicious code in say-hello-test (npm)
The package say-hello-test was found to contain malicious code...
CVE-2024-1880
An OS command injection vulnerability exists in the MacOS Text-To-Speech class MacOSTTS of the significant-gravitas/autogpt project, affecting versions up to v0.5.0. The vulnerability arises from the improper neutralization of special elements used in an OS command within the _speech method of the...
CVE-2024-1880
CVE-2024-1880 concerns the significant-gravitas/autogpt project, where the MacOSTTS component (MacOS Text-To-Speech) in the _speech method uses os.system to run the say command with user-supplied text. This allows OS command injection and potential arbitrary code execution when AutoGPT is run wit...
GHSA-WQ7Q-5V6J-XFV6 Command Injection in picotts
This affects all versions up to and including version 0.1.1 of package picotts. If attacker-controlled user input is given to the say function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization...
CVE-2021-23378
This affects all versions of package picotts. If attacker-controlled user input is given to the say function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization...
CVE-2021-23378
This affects all versions of package picotts. If attacker-controlled user input is given to the say function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization...
Arbitrary Command Injection
Overview picotts is a PicoTTS wrapper. PicoTTS is being used by Android and it's extremely lightweight and fast yet produces very natural voices. Affected versions of this package are vulnerable to Arbitrary Command Injection. If attacker-controlled user input is given to the say function, it is...
rubygems: Escape sequence injection vulnerability in verbose
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteraction#verbose calls say without escaping, escape sequence injection is possible...
RubyGems Escape sequence injection vulnerability in verbose
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteraction#verbose calls say without escaping, escape sequence injection is possible...
Arbitrary Code Injection
Overview rubygems-update is an inbuilt rubygem for updating rubygems. Affected versions of this package are vulnerable to Arbitrary Code Injection due to the Gem::UserInteraction#verbose function which calls say without escaping. Remediation Upgrade rubygems-update to version 2.7.9, 3.0.3 or highe...
GHSA-FR32-GR5C-XQ5C RubyGems Escape sequence injection vulnerability in verbose
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteraction#verbose calls say without escaping, escape sequence injection is possible...
rubygems: Escape sequence injection vulnerability in verbose
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteraction#verbose calls say without escaping, escape sequence injection is possible...
rubygems: Escape sequence injection vulnerability in verbose
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteraction#verbose calls say without escaping, escape sequence injection is possible...
rubygems: Escape sequence injection vulnerability in verbose
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteraction#verbose calls say without escaping, escape sequence injection is possible...