AI Sec Watch

Retrieval-based-Voice-Conversion-WebUI (a framework for changing voices using AI) in version 2.2.231006 and earlier has a critical vulnerability where user input is passed unsafely to a function that loads model files using torch.load (a Python tool that can execute code from files). An attacker could exploit this by providing a malicious model file path, leading to RCE (remote code execution, where an attacker can run commands on the system).

Retrieval-based-Voice-Conversion-WebUI, a voice changing framework, has a vulnerability in versions 2.2.231006 and earlier where user input (like a file path) is passed directly to torch.load (a function that reads model files). This unsafe deserialization (loading untrusted data that could contain malicious code) allows attackers to execute arbitrary commands on the system running the software.

Retrieval-based-Voice-Conversion-WebUI is a voice changing tool that has a security flaw in versions 2.2.231006 and earlier. The vulnerability allows unsafe deserialization (loading untrusted data that could contain malicious code) when the program takes user input for a model file path and loads it using torch.load, which could let attackers run arbitrary code on the system.

Retrieval-based-Voice-Conversion-WebUI, a voice changing tool, has a vulnerability in versions 2.2.231006 and earlier where unsafe deserialization (loading data in a way that can execute malicious code) allows attackers to run code remotely. The problem occurs because the software takes user input for model file paths and loads them using torch.load without proper safety checks, enabling RCE (remote code execution, where attackers can run commands on the affected system).

Retrieval-based-Voice-Conversion-WebUI, a voice-changing tool, has a vulnerability in versions 2.2.231006 and earlier where user input for model file paths is passed unsafely to torch.load (a function that loads saved AI models). This unsafe deserialization (loading data from untrusted sources without checking it first) can allow attackers to run arbitrary code on the system.

Retrieval-based-Voice-Conversion-WebUI, a voice-changing framework, has a critical vulnerability in versions 2.2.231006 and earlier where unsafe deserialization (loading data from untrusted sources without checking it first) can occur. An attacker can exploit this by providing a malicious file path that gets loaded using torch.load, which can lead to RCE (remote code execution, where an attacker runs commands on a system they don't own).

Retrieval-based-Voice-Conversion-WebUI, a voice changing tool based on VITS (a voice synthesis model), has a vulnerability in versions 2.2.231006 and earlier where user-supplied file paths are loaded directly using torch.load (a function that can execute code when loading files), allowing attackers to run arbitrary code on the system. This happens because the ckpt_path1 variable accepts untrusted input and passes it unsafely to a model-loading function.

ChatGPT has two memory features: saved memories (which users can manage) and chat history (a newer feature that builds a profile over time without user visibility or control). The chat history feature doesn't search past conversations but maintains recent chat history and learns user preferences, though the implementation details are not publicly documented, and users cannot inspect or modify what the system learns about them unless they use prompt hacking (manipulating the AI's instructions to reveal hidden information).

The Model Context Protocol (MCP) is a system that lets AI applications discover and use external tools from servers at runtime (while the program is running). However, MCP has a security weakness: because servers can send instructions through the tool descriptions, they can perform prompt injection (tricking an AI by hiding instructions in its input) to control the AI client, making servers more powerful than they should be.