25 matches found

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2025-6795

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.6 | EPSS 0.00744
Exploits: 1 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2025-6796

Malicious code in bioql PyPI...

CVSS 9.1 | AI score 6.6 | EPSS 0.00513
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2025-6792

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.5 | EPSS 0.013
Exploits: 1 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-6797

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.5 | EPSS 0.00845
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2025-6793

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.5 | EPSS 0.00995
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 7 views

EUVD-2025-6788

Malicious code in bioql PyPI...

CVSS 9.3 | AI score 6.3 | EPSS 0.00531
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2025-6784

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.5 | EPSS 0.00845
Exploits: 0 | References: 5

RedhatCVE
added 2025/03/21 10:28 p.m. | 13 views

CVE-2025-27786

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file removal in core.py. outputttspath in tts.py takes arbitrary user input and passes it to runttsscript function in core.py, which checks if the path in outputttspath exists, and if yes, removes that...

CVSS 9.1 | AI score 7.3 | EPSS 0.00513
Exploits: 0 | References: 1

RedhatCVE
added 2025/03/21 10:27 p.m. | 12 views

CVE-2025-27782

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file write in inference.py. This issue may lead to writing arbitrary files on the Applio server. It can also be used in conjunction with an unsafe deserialization to achieve remote code execution. As of...

CVSS 9.8 | AI score 8.2 | EPSS 0.013
Exploits: 1 | References: 1

RedhatCVE
added 2025/03/21 10:27 p.m. | 12 views

CVE-2025-27784

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file read in train.py's export_pth function. This issue may lead to reading arbitrary files on the Applio server. It can also be used in conjunction with blind server-side request forgery to read files...

CVSS 8.7 | AI score 7.2 | EPSS 0.00525
Exploits: 1 | References: 1

RedhatCVE
added 2025/03/21 10:26 p.m. | 8 views

CVE-2025-27779

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in model_blender.py lines 20 and 21. modelfusiona and modelfusionb from voiceblender.py take user-supplied input (e.g. a path to a model) and pass that value to the runmodelblenderscript and...

CVSS 9.8 | AI score 8.1 | EPSS 0.00845
Exploits: 0 | References: 1

RedhatCVE
added 2025/03/21 10:23 p.m. | 12 views

CVE-2025-27778

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in infer.py. The issue can lead to remote code execution. As of time of publication, a fix is available on the main branch of the Applio repository but not attached to a numbered release...

CVSS 9.8 | AI score 7.8 | EPSS 0.00896
Exploits: 0 | References: 1

Cvelist
added 2025/03/19 8:42 p.m. | 29 views

CVE-2025-27774 Applio allows SSRF and file write in model_download.py

Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery (SSRF) and file write in model_download.py (line 156 in 3.2.7). The blind SSRF allows for sending requests on behalf of Applio server and can be leveraged to probe for other vulnerabilities on the...

CVSS 9.3 | EPSS 0.00531
Exploits: 0 | References: 5

OSV
added 2025/03/19 8:42 p.m. | 5 views

CVE-2025-27775 Applio allows SSRF and file write in model_download.py

Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery (SSRF) and file write in model_download.py (line 143 in 3.2.7). The blind SSRF allows for sending requests on behalf of Applio server and can be leveraged to probe for other vulnerabilities on the...

CVSS 9.3 | AI score 8.2 | EPSS 0.00531
Exploits: 0 | References: 7

Vulnrichment
added 2025/03/19 8:42 p.m. | 21 views

CVE-2025-27776 Applio allows SSRF and file write in model_download.py

Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery (SSRF) and file write in model_download.py (line 240 in 3.2.7). The blind SSRF allows for sending requests on behalf of Applio server and can be leveraged to probe for other vulnerabilities on the...

CVSS 9.3 | AI score 7.5 | EPSS 0.00531
Exploits: 0 | References: 4

OSV
added 2025/03/19 8:42 p.m. | 8 views

CVE-2025-27779 Applio allows unsafe deserialization in model_blender.py

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in model_blender.py lines 20 and 21. modelfusiona and modelfusionb from voiceblender.py take user-supplied input (e.g. a path to a model) and pass that value to the runmodelblenderscript and...

CVSS 9.3 | AI score 8 | EPSS 0.00845
Exploits: 0 | References: 6

OSV
added 2025/03/19 8:41 p.m. | 5 views

CVE-2025-27782 Applio allows arbitrary file write in inference.py

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file write in inference.py. This issue may lead to writing arbitrary files on the Applio server. It can also be used in conjunction with an unsafe deserialization to achieve remote code execution. As of...

CVSS 8.7 | AI score 8.1 | EPSS 0.013
Exploits: 1 | References: 7

OSV
added 2025/03/19 8:41 p.m. | 10 views

CVE-2025-27783 Applio allows arbitrary file write in train.py

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file write in train.py. This issue may lead to writing arbitrary files on the Applio server. It can also be used in conjunction with an unsafe deserialization to achieve remote code execution. As of tim...

CVSS 8.7 | AI score 8.1 | EPSS 0.00995
Exploits: 0 | References: 6

Cvelist
added 2025/03/19 8:41 p.m. | 17 views

CVE-2025-27784 Applio allows arbitrary file read in train.py export_pth function

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file read in train.py's export_pth function. This issue may lead to reading arbitrary files on the Applio server. It can also be used in conjunction with blind server-side request forgery to read files...

CVSS 8.7 | EPSS 0.00525
Exploits: 1 | References: 3

OSV
added 2025/03/19 8:41 p.m. | 5 views

CVE-2025-27784 Applio allows arbitrary file read in train.py export_pth function

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file read in train.py's export_pth function. This issue may lead to reading arbitrary files on the Applio server. It can also be used in conjunction with blind server-side request forgery to read files...

CVSS 8.7 | AI score 6.6 | EPSS 0.00525
Exploits: 1 | References: 5