Apache CXF Vulnerability: DoS and Data Leak Risks Exposed (CVE-2025-48795)

The Apache Software Foundation has disclosed a vulnerability—CVE-2025-48795—affecting multiple versions of Apache CXF, an open-source web services framework relied upon by developers for building SOAP …
Published Date: Jul 15, 2025 (10 hours, 11 minutes ago)
Vulnerabilities mentioned in this article: CVE-2025-48795, CVE-2024-28752

Broadcom Addresses Critical Vulnerabilities in VMware ESXi, Workstation, and Fusion

Broadcom has issued an urgent advisory addressing four critical vulnerabilities affecting VMware ESXi, Workstation, Fusion, and Tools, with CVSS scores reaching as high as 9.3. These flaws, reported t …
Published Date: Jul 15, 2025 (10 hours, 42 minutes ago)
Vulnerabilities mentioned in […]

Urgent Chrome Update: Google Patches Critical Zero-Day (CVE-2025-6558) Under Active Attack

Google has released a critical Stable Channel update for Chrome Desktop (version 138.0.7204.157/.158), addressing six security vulnerabilities, including one that is already being exploited in the wil …
Published Date: Jul 15, 2025 (10 hours, 57 minutes ago)
Vulnerabilities mentioned in this […]

CVE-2025-6981 – GitHub Enterprise Server Unauthorized Read Access Vulnerability

The following table lists the changes that have been made to the CVE-2025-6981 vulnerability over time. Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics. New CVE Received by [email protected] Jul. 15, 2025 Action […]

CVE-2025-53906 – Vim Zip File Path Traversal Vulnerability

Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim’s zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because this exploit requires direct user interaction. However, successful exploitation can lead to overwriting sensitive files or placing executable […]

CVE-2025-53905 – Vim Tar Plugin Path Traversal Vulnerability

Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim’s tar.vim plugin can allow overwriting of arbitrary files when opening specially crafted tar archives. Impact is low because this exploit requires direct user interaction. However, successful exploitation can lead to overwriting sensitive files or placing executable […]

CVE-2025-49841 – SoVITS-WebUI Unchecked Deserialization Vulnerability

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in process_ckpt.py. The SoVITS_dropdown variable takes user input and passes it to the load_sovits_new function in process_ckpt.py. In load_sovits_new, the user input, here sovits_path, is used to load a model with torch.load, leading to unsafe deserialization. […]

CVE-2025-49840 – GPT-SoVITS-WebUI Deserialization Vulnerability

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in inference_webui.py. The GPT_dropdown variable takes user input and passes it to the change_gpt_weights function. In change_gpt_weights, the user input, here gpt_path, is used to load a model with torch.load, leading to unsafe deserialization. At time […]

CVE-2025-49839 – GPT-SoVITS-WebUI Unvalidated Model Deserialization Vulnerability

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in bsroformer.py. The model_choose variable takes user input (e.g. a path to a model) and passes it to the uvr function. In uvr, a new instance of Roformer_Loader class is created with the model_path attribute containing […]

CVE-2025-49838 – GPT-SoVITS-WebUI Deserialize Vulnerability

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in vr.py AudioPreDeEcho. The model_choose variable takes user input (e.g. a path to a model) and passes it to the uvr function. In uvr, a new instance of AudioPreDeEcho class is created with the model_path attribute […]