2 matches found
CVE-2025-6237
A vulnerability in invokeai version v6.0.0a1 and below allows attackers to perform path traversal and arbitrary file deletion via the GET /api/v1/images/download/bulkdownloaditemname endpoint. By manipulating the filename arguments, attackers can read and delete any files on the server, including...
CVE-2025-6237
creationtimestamp| type| source ---|---|--- 2025-09-18 11:12:28+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lz47qvj5bz2j 2025-09-19 09:02:10+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3lz6iwsdnx32q...