CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-4096 |
Description: Heap buffer overflow in HTML in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS: HIGH (8.8) EPSS Score: 0.06%
May 5th, 2025 (about 2 months ago)
|
|
CVE-2025-4050 |
Description: Out of bounds memory access in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVSS: HIGH (8.8) EPSS Score: 0.06%
May 5th, 2025 (about 2 months ago)
|
|
🚨 Marked as known exploited on May 5th, 2025 (about 2 months ago).
Description: Google’s Android security update for May 2025 patches a zero-day vulnerability in the FreeType font library that is currently being exploited in the wild, alongside dozens of high-severity flaws across the system, framework, and various hardware components. The zero-day, tracked as CVE-2025-27363, resides in the System component and stems from a memory handling bug in …
The post Android May 2025 Security Update Fixes Actively Exploited FreeType Zero-Day appeared first on CyberInsider.
CVSS: HIGH (8.1)
May 5th, 2025 (about 2 months ago)
|
|
CVE-2025-45237 |
Description: Incorrect access control in the component /config/download of DBSyncer v2.0.6 allows attackers to access the JSON file containing sensitive account information, including the encrypted password.
CVSS: HIGH (7.5) EPSS Score: 0.04%
May 5th, 2025 (about 2 months ago)
|
|
CVE-2025-43848 |
Description: Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckpt_path0 variable takes user input (e.g. a path to a model) and passes it to the change_info function in process_ckpt.py, which uses it to load the model on that path with torch.load, which can lead to unsafe deserialization and remote code execution. As of time of publication, no known patches exist.
CVSS: HIGH (8.9) EPSS Score: 0.41%
May 5th, 2025 (about 2 months ago)
|
|
CVE-2025-43847 |
Description: Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckpt_path2 variable takes user input (e.g. a path to a model) and passes it to the extract_small_model function in process_ckpt.py, which uses it to load the model on that path with torch.load, which can lead to unsafe deserialization and remote code execution. As of time of publication, no known patches exist.
CVSS: HIGH (8.9) EPSS Score: 0.41%
May 5th, 2025 (about 2 months ago)
|
|
CVE-2025-43846 |
Description: Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckpt_path1 variable takes user input (e.g. a path to a model) and passes it to the show_info function in process_ckpt.py, which uses it to load the model on that path with torch.load, which can lead to unsafe deserialization and remote code execution. As of time of publication, no known patches exist.
CVSS: HIGH (8.9) EPSS Score: 0.41%
May 5th, 2025 (about 2 months ago)
|
|
CVE-2025-43845 |
Description: Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to code injection. The ckpt_path2 variable takes user input (e.g. a path to a model) and passes it to change_info_ function, which opens and reads the file on the given path (except it changes the final on the path to train.log), and passes the contents of the file to eval, which can lead to remote code execution. As of time of publication, no known patches exist.
CVSS: HIGH (8.9) EPSS Score: 0.41%
May 5th, 2025 (about 2 months ago)
|
|
CVE-2025-43844 |
Description: Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to command injection. The variables exp_dir1, among others, take user input and pass it to the click_train function, which concatenates them into a command that is run on the server. This can lead to arbitrary command execution. As of time of publication, no known patches exist.
CVSS: HIGH (8.9) EPSS Score: 0.56%
May 5th, 2025 (about 2 months ago)
|
|
CVE-2025-43843 |
Description: Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to command injection. The variables exp_dir1, np7 and f0method8 take user input and pass it into the extract_f0_feature function, which concatenates them into a command that is run on the server. This can lead to arbitrary command execution. As of time of publication, no known patches exist.
CVSS: HIGH (8.9) EPSS Score: 0.43% SSVC Exploitation: none
May 5th, 2025 (about 2 months ago)
|