CVE-2026-43624

F5-TTS through version 1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized user-supplied project names directly to os.path.join without validating the resulting path stays within the...

doc-redaction (>=2.2.0 <=2.3.0), f5-tts (=1.1.20) +8 more potentially affected by CVE-2026-10783 via gradio (>=6.0.0 <=6.11.0)

gradio PYPI version =6.0.0, =2.2.0, =2.1.1, =0.0.1, =1.14.0, =2.9.0 Source cves: CVE-2026-10783 Source advisory: SNYK:PYTHON-GRADIO-17146861...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Import function in the TTS Configuration Endpoint. An attacker can access internal resources or services by sending crafted requests through the vulnerable endpoint. Remediation Upgrade...

CVE-2026-10583

A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. Affected by this issue is the function Import of the file internal/http/ttsconfig.go of the component TTS Configuration Endpoint. The manipulation leads to server-side request forgery. It is possible to initiate t...

CVE-2026-10583 nextlevelbuilder GoClaw TTS Configuration Endpoint tts_config.go import server-side request forgery

A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. Affected by this issue is the function Import of the file internal/http/ttsconfig.go of the component TTS Configuration Endpoint. The manipulation leads to server-side request forgery. It is possible to initiate t...

CVE-2026-10583

A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. Affected by this issue is the function Import of the file internal/http/ttsconfig.go of the component TTS Configuration Endpoint. The manipulation leads to server-side request forgery. It is possible to initiate t...

EUVD-2026-33879

A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. Affected by this issue is the function Import of the file internal/http/ttsconfig.go of the component TTS Configuration Endpoint. The manipulation leads to server-side request forgery. It is possible to initiate t...

PT-2026-45691

A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. Affected by this issue is the function Import of the file internal/http/tts config.go of the component TTS Configuration Endpoint. The manipulation leads to server-side request forgery. It is possible to initiate...

goclaw 代码问题漏洞

Goclaw is an open-source multi-tenant AI agent platform developed by Next Level Builder. Goclaw versions 3.11.3 and earlier have code vulnerabilities. These vulnerabilities stem from issues with the Import function in the ttsconfig.go file within the TTS Configuration Endpoint component, which ma...

CVE-2026-43624

F5-TTS through version 1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized user-supplied project names directly to os.path.join without validating the resulting path stays within the...

CVE-2026-43624

F5-TTS up to v1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized project names to os.path.join() without validating the resulting path. An attacker can supply absolute paths (e.g., /t...

CVE-2026-43624 F5-TTS 1.1.20 Path Traversal via finetune_gradio.py create_data_project()

F5-TTS through version 1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized user-supplied project names directly to os.path.join without validating the resulting path stays within the...

CVE-2026-43624 F5-TTS 1.1.20 Path Traversal via finetune_gradio.py create_data_project()

F5-TTS through version 1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized user-supplied project names directly to os.path.join without validating the resulting path stays within the...

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management in the handleSave function of the RoleAdmin Gateway component in the ttsconfig.go file. An attacker can gain unauthorized access to privileged operations by exploiting improper privilege management through...

EUVD-2026-33538

A flaw has been found in nextlevelbuilder GoClaw up to 3.11.3. The impacted element is the function handleSave of the file internal/http/ttsconfig.go of the component RoleAdmin Gateway. This manipulation causes improper privilege management. Remote exploitation of the attack is possible. The...

doc-redaction (>=2.2.0 <=2.3.0), f5-tts (=1.1.20) +8 more potentially affected by CVE-2026-48545 via gradio (>=6.0.0 <=6.11.0)

gradio PYPI version =6.0.0, =2.2.0, =2.1.1, =0.0.1, =1.14.0, =2.9.0 Source cves: CVE-2026-48545 Source advisory: SNYK:PYTHON-GRADIO-16960000...

CVE-2026-42456

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, GET /api/workspace/:slug/tts/:chatId in AnythingLLM returns the text-to-speech audio for another user's chat response within the same workspace...

CVE-2026-42456

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, GET /api/workspace/:slug/tts/:chatId in AnythingLLM returns the text-to-speech audio for another user's chat response within the same workspace...

CVE-2026-42456 AnythingLLM: Cross-User TTS Audio Disclosure via Chat ID (IDOR)

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, GET /api/workspace/:slug/tts/:chatId in AnythingLLM returns the text-to-speech audio for another user's chat response within the same workspace...

PT-2026-39221

Name of the Vulnerable Software and Affected Versions AnythingLLM versions prior to 1.12.1 Description An insecure direct object reference IDOR exists in the text-to-speech endpoint. The endpoint "/api/workspace/:slug/tts/:chatId" validates workspace membership but fails to enforce ownership of t...