149 matches found
CVE-2024-12882
comfyanonymous/comfyui version v0.2.4 suffers from a non-blind Server-Side Request Forgery SSRF vulnerability. This vulnerability can be exploited by combining the REST APIs POST /internal/models/download and GET /view, allowing attackers to abuse the victim server's credentials to access...
CVE-2024-12882
comfyanonymous/comfyui version v0.2.4 suffers from a non-blind Server-Side Request Forgery SSRF vulnerability. This vulnerability can be exploited by combining the REST APIs POST /internal/models/download and GET /view, allowing attackers to abuse the victim server's credentials to access...
CVE-2024-10481
A CSRF vulnerability exists in comfyanonymous/comfyui versions up to v0.2.2. This vulnerability allows attackers to host malicious websites that, when visited by authenticated ComfyUI users, can perform arbitrary API requests on behalf of the user. This can be exploited to perform actions such as...
CVE-2024-10481
A CSRF vulnerability exists in comfyanonymous/comfyui versions up to v0.2.2. This vulnerability allows attackers to host malicious websites that, when visited by authenticated ComfyUI users, can perform arbitrary API requests on behalf of the user. This can be exploited to perform actions such as...
CVE-2024-12882
CVE-2024-12882 affects comfyanonymous/comfyui v0.2.4. The vulnerability is a non-blind SSRF exploitable by combining REST APIs POST /internal/models/download and GET /view, allowing an attacker to abuse the victim server’s credentials to access unauthorized external resources. Multiple connected ...
CVE-2024-12882 SSRF in comfyanonymous/comfyui
comfyanonymous/comfyui version v0.2.4 suffers from a non-blind Server-Side Request Forgery SSRF vulnerability. This vulnerability can be exploited by combining the REST APIs POST /internal/models/download and GET /view, allowing attackers to abuse the victim server's credentials to access...
CVE-2024-12882 SSRF in comfyanonymous/comfyui
comfyanonymous/comfyui version v0.2.4 suffers from a non-blind Server-Side Request Forgery SSRF vulnerability. This vulnerability can be exploited by combining the REST APIs POST /internal/models/download and GET /view, allowing attackers to abuse the victim server's credentials to access...
CVE-2024-10481 Cross-Site Request Forgery (CSRF) in comfyanonymous/comfyui
A CSRF vulnerability exists in comfyanonymous/comfyui versions up to v0.2.2. This vulnerability allows attackers to host malicious websites that, when visited by authenticated ComfyUI users, can perform arbitrary API requests on behalf of the user. This can be exploited to perform actions such as...
CVE-2024-10481 Cross-Site Request Forgery (CSRF) in comfyanonymous/comfyui
A CSRF vulnerability exists in comfyanonymous/comfyui versions up to v0.2.2. This vulnerability allows attackers to host malicious websites that, when visited by authenticated ComfyUI users, can perform arbitrary API requests on behalf of the user. This can be exploited to perform actions such as...
CVE-2024-10481
CVE-2024-10481 is a CSRF vulnerability in comfyanonymous/comfyui
PT-2025-12155 · Comfyui · Comfyui
Name of the Vulnerable Software and Affected Versions: comfyanonymous/comfyui version v0.2.4 Description: The issue is related to a non-blind Server-Side Request Forgery SSRF vulnerability. This vulnerability can be exploited by combining the REST APIs POST /internal/models/download and GET /view...
ComfyUI 跨站请求伪造漏洞
ComfyUI is one of the most powerful and modular diffusion model GUIs and backends from comfyanonymous individual developers. A cross-site request forgery vulnerability exists in ComfyUI v0.2.2 and prior versions, which stems from insufficient CSRF protection and could lead to unauthorized API...
PT-2025-12042 · Comfyanonymous · Comfyui
Name of the Vulnerable Software and Affected Versions: comfyanonymous/comfyui versions up to v0.2.2 Description: A CSRF issue exists, allowing attackers to host malicious websites that can perform arbitrary API requests on behalf of authenticated users when visited. This can be exploited to uploa...
ComfyUI 代码问题漏洞
ComfyUI is one of the most powerful and modular diffusion model GUI and backend from comfyanonymous individual developers. A code issue vulnerability exists in ComfyUI version v0.2.4, which stems from an unvalidated URL and could lead to a server-side request forgery attack...
CVE-2024-21577
ComfyUI-Ace-Nodes is vulnerable to Code Injection. The ACEExpressionEval node contains an eval in its entrypoint function that accepts arbitrary user-controlled data. A user can create a workflow that results in executing arbitrary code on the server...
CVE-2024-21576
ComfyUI-Bmad-Nodes is vulnerable to Code Injection. The issue stems from a validation bypass in the BuildColorRangeHSVAdvanced, FilterContour and FindContour custom nodes. In the entrypoint function to each node, there’s a call to eval which can be triggered by generating a workflow that injects ...
CVE-2024-21577
ComfyUI-Ace-Nodes is vulnerable to Code Injection. The ACEExpressionEval node contains an eval in its entrypoint function that accepts arbitrary user-controlled data. A user can create a workflow that results in executing arbitrary code on the server...
CVE-2024-21577
The CVE-2024-21577 entry concerns ComfyUI-Ace-Nodes, where the ACE_ExpressionEval node exposes an eval() in its entrypoint, allowing an attacker-controlled input to execute arbitrary code on the server. The vulnerability arises from evaluating user-supplied data, enabling potential code injection...
CVE-2024-21577
ComfyUI-Ace-Nodes is vulnerable to Code Injection. The ACEExpressionEval node contains an eval in its entrypoint function that accepts arbitrary user-controlled data. A user can create a workflow that results in executing arbitrary code on the server...
CVE-2024-21576
ComfyUI-Bmad-Nodes is vulnerable to Code Injection. The issue stems from a validation bypass in the BuildColorRangeHSVAdvanced, FilterContour and FindContour custom nodes. In the entrypoint function to each node, there’s a call to eval which can be triggered by generating a workflow that injects ...