8.2
CVE-2025-32353 -
Kaseya Rapid Fire Tools Network Detective 2.0.16.0 has Unencrypted Credentials (for privileged access) stored in the collector.txt configuration file.
4.1
CVE-2025-53906 - Vim has path traversal issue with zip.vim and special crafted zip archives
Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim’s zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because this exploit requires direct user interaction. However, successfully…
4.1
CVE-2025-53905 - Vim has path traversial issue with tar.vim and special crafted tar files
Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim’s tar.vim plugin can allow overwriting of arbitrary files when opening specially crafted tar archives. Impact is low because this exploit requires direct user interaction. However, successfully…
5.3
CVE-2025-6981 - Incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed unaut…
An incorrect authorization vulnerability allowed unauthorized read access to the contents of internal repositories for contractor accounts when the Contractors API feature was enabled. The Contractors API is a rarely-enabled feature in private preview. This vulnerability affected all versions of Gi…
8.9
CVE-2025-49841 - GHSL-2025-053: GPT-SoVITS Deserialization of Untrusted Data vulnerability
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in process_ckpt.py. The SoVITS_dropdown variable takes user input and passes it to the load_sovits_new function in process_ckpt.py. In load_sovits_new,…
8.9
CVE-2025-49840 - GHSL-2025-052: GPT-SoVITS Deserialization of Untrusted Data vulnerability
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in inference_webui.py. The GPT_dropdown variable takes user input and passes it to the change_gpt_weights function. In change_gpt_weights, the user inp…
8.9
CVE-2025-49839 - GHSL-2025-051: GPT-SoVITS Deserialization of Untrusted Data vulnerability
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in bsroformer.py. The model_choose variable takes user input (e.g. a path to a model) and passes it to the uvr function. In uvr, a new instance of Rofo…
8.9
CVE-2025-49838 - GHSL-2025-050: GPT-SoVITS Deserialization of Untrusted Data vulnerability
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in vr.py AudioPreDeEcho. The model_choose variable takes user input (e.g. a path to a model) and passes it to the uvr function. In uvr, a new instance …
8.9
CVE-2025-49837 - GHSL-2025-049: GPT-SoVITS Deserialization of Untrusted Data vulnerability
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in vr.py AudioPre. The model_choose variable takes user input (e.g. a path to a model) and passes it to the uvr function. In uvr, a new instance of Aud…
8.9
CVE-2025-49836 - GHSL-2025-048: GPT-SoVITS Command Injection vulnerability
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in webui.py change_label function. path_list takes user input, which is passed to the change_label function, which concatenates the user input into a command…