CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2531 – Luxion KeyShot DAE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-2531
20 Mar 2025 — Luxion KeyShot DAE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. • https://www.zerodayinitiative.com/advisories/ZDI-25-174 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2532 – Luxion KeyShot USDC File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-2532
20 Mar 2025 — Luxion KeyShot USDC File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. • https://www.zerodayinitiative.com/advisories/ZDI-25-175 • CWE-416: Use After Free •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27774 – Applio allows SSRF and file write in model_download.py
https://notcve.org/view.php?id=CVE-2025-27774
19 Mar 2025 — The file write allows for writing files on the server, which can be coupled with other vulnerabilities, for example an unsafe deserialization, to achieve remote code execution on the Applio server. • https://github.com/IAHispano/Applio/blob/29b4a00e4be209f9aac51cd9ccffcc632dfb2973/assets/flask/routes.py#L14 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27775 – Applio allows SSRF and file write in model_download.py
https://notcve.org/view.php?id=CVE-2025-27775
19 Mar 2025 — The file write allows for writing files on the server, which can be coupled with other vulnerabilities, for example an unsafe deserialization, to achieve remote code execution on the Applio server. • https://github.com/IAHispano/Applio/blob/29b4a00e4be209f9aac51cd9ccffcc632dfb2973/assets/flask/routes.py#L14 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27776 – Applio allows SSRF and file write in model_download.py
https://notcve.org/view.php?id=CVE-2025-27776
19 Mar 2025 — The file write allows for writing files on the server, which can be coupled with other vulnerabilities, for example an unsafe deserialization, to achieve remote code execution on the Applio server. • https://github.com/IAHispano/Applio/blob/29b4a00e4be209f9aac51cd9ccffcc632dfb2973/assets/flask/routes.py#L14 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27778 – Applio allows unsafe deserialization in infer.py
https://notcve.org/view.php?id=CVE-2025-27778
19 Mar 2025 — The issue can lead to remote code execution. • https://github.com/IAHispano/Applio/blob/29b4a00e4be209f9aac51cd9ccffcc632dfb2973/rvc/infer/infer.py#L464 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27779 – Applio allows unsafe deserialization in model_blender.py
https://notcve.org/view.php?id=CVE-2025-27779
19 Mar 2025 — The issue can lead to remote code execution. • https://github.com/IAHispano/Applio/blob/29b4a00e4be209f9aac51cd9ccffcc632dfb2973/rvc/train/process/model_blender.py#L20-L21 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27782 – Applio allows arbitrary file write in inference.py
https://notcve.org/view.php?id=CVE-2025-27782
19 Mar 2025 — It can also be used in conjunction with an unsafe deserialization to achieve remote code execution. • https://github.com/IAHispano/Applio/blob/d7d685fefd0c58e29e1d84d668613056791544a7/tabs/inference/inference.py#L1632-L1645 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27783 – Applio allows arbitrary file write in train.py
https://notcve.org/view.php?id=CVE-2025-27783
19 Mar 2025 — It can also be used in conjunction with an unsafe deserialization to achieve remote code execution. • https://github.com/IAHispano/Applio/blob/29b4a00e4be209f9aac51cd9ccffcc632dfb2973/tabs/train/train.py#L212-L225 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27781 – Applio allows unsafe deserialization in inference.py
https://notcve.org/view.php?id=CVE-2025-27781
19 Mar 2025 — The issue can lead to remote code execution. • https://github.com/IAHispano/Applio/blob/29b4a00e4be209f9aac51cd9ccffcc632dfb2973/tabs/inference/inference.py#L325 • CWE-502: Deserialization of Untrusted Data •