Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.9 CVE-2025-49834

GHSL-2025-046: GPT-SoVITS Command Injection vulnerability_CVE-2025-49834

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in we...

RVC-Boss GPT-SoVITS <= 20250228v3 CVE
HIGH 8.9 CVE-2025-49833

GHSL-2025-045: GPT-SoVITS Command Injection vulnerability_CVE-2025-49833

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in th...

RVC-Boss GPT-SoVITS <= 20250228v3 CVE
HIGH 8.9 CVE-2025-49839

GHSL-2025-051: GPT-SoVITS Deserialization of Untrusted Data vulnerability_CVE-2025-49839

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability...

RVC-Boss GPT-SoVITS <= 20250228v3 CVE
HIGH 8.9 CVE-2025-49838

GHSL-2025-050: GPT-SoVITS Deserialization of Untrusted Data vulnerability_CVE-2025-49838

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability...

RVC-Boss GPT-SoVITS <= 20250228v3 CVE
HIGH 8.9 CVE-2025-49837

GHSL-2025-049: GPT-SoVITS Deserialization of Untrusted Data vulnerability_CVE-2025-49837

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability...

RVC-Boss GPT-SoVITS <= 20250228v3 CVE
HIGH 8.9 CVE-2025-49841

GHSL-2025-053: GPT-SoVITS Deserialization of Untrusted Data vulnerability_CVE-2025-49841

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability...

RVC-Boss GPT-SoVITS <= 20250228v3 CVE
HIGH 8.9 CVE-2025-49840

GHSL-2025-052: GPT-SoVITS Deserialization of Untrusted Data vulnerability_CVE-2025-49840

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability...

RVC-Boss GPT-SoVITS <= 20250228v3 CVE
HIGH 7.2 CVE-2025-2800

WP Event Manager <= 3.1.50 - Unauthenticated Stored Cross-Site Scripting via 'organizer_name'_CVE-2025-2800

The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Script...

wpeventmanager WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce * CVE
HIGH 8.2 CVE-2025-7359

Counter live visitors for WooCommerce <= 1.3.6 - Unauthenticated Arbitrary File Deletion in wcvisitor_get_block_CVE-2025-7359

The Counter live visitors for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in...

danielriera Counter live visitors for WooCommerce * CVE
HIGH 8.1 CVE-2025-6043

Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal <= 16.8 - Authenticated (Subscriber+) Arbitrary File Deletion_CVE-2025-6043

The Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Deletion due to a missi...

malcure Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal * CVE