Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
text-to-speech vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-1772
The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.4 via deserialization of untrusted input from the play_podcast_data post meta. This makes it possible...
NA
CVE-2024-0827
The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.4. This is due to missing or incorrect nonce validation on several functions. This makes it pos...
NA
CVE-2024-0828
The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 3.6.4. This makes it possible for ...
5.4
CVSSv3
CVE-2023-0070
The ResponsiveVoice Text To Speech WordPress plugin prior to 1.7.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored ...
Responsivevoice Responsivevoice Text To Speech
7.8
CVSSv3
CVE-2021-28927
The text-to-speech engine in libretro RetroArch for Windows 1.9.0 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers who have write access on filesystems that are used by RetroArch to execute code v...
Libretro Retroarch
6.8
CVSSv3
CVE-2020-10262
An issue exists on XIAOMI XIAOAI speaker Pro LX06 1.58.10. Attackers can activate the failsafe mode during the boot process, and use the mi_console command cascaded by the SN code shown on the product to get the root shell password, and then the attacker can (i) read Wi-Fi SSID o...
Mi Xiaomi Xiaoai Speaker Pro Lx06 Firmware 1.58.10
6.8
CVSSv3
CVE-2020-10263
An issue exists on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Attackers can get root shell by accessing the UART interface and then they can (i) read Wi-Fi SSID or password, (ii) read the dialogue text files between users and XIAOMI XIAOAI speaker Pro LX06, (iii) use Text-To-Speech t...
Mi Xiaomi Xiaoai Speaker Pro Lx06 Firmware 1.52.4
6.8
CVSSv3
CVE-2020-8994
An issue exists on XIAOMI AI speaker MDZ-25-DT 1.34.36, and 1.40.14. Attackers can get root shell by accessing the UART interface and then they can read Wi-Fi SSID or password, read the dialogue text files between users and XIAOMI AI speaker, use Text-To-Speech tools pretend XIAO...
Mi Mdz-25-dt Firmware 1.34.36
Mi Mdz-25-dt Firmware 1.40.14
7.8
CVSSv3
CVE-2019-16253
The Text-to-speech Engine (aka SamsungTTS) application prior to 3.0.02.7 and 3.0.00.101 for Android allows a local malicious user to escalate privileges, e.g., to system privileges. The Samsung case ID is 101755.
Samsung Text-to-speech
8 Github repositories
7.8
CVSSv3
CVE-2019-0985
A remote code execution vulnerability exists when the Microsoft Speech API (SAPI) improperly handles text-to-speech (TTS) input, aka 'Microsoft Speech API Remote Code Execution Vulnerability'.
Microsoft Windows Server 2008 R2
Microsoft Windows 7 -
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »