Lucene search
K

149 matches found

NVD
NVD
added 2025/03/20 10:15 a.m.3 views

CVE-2024-12882

comfyanonymous/comfyui version v0.2.4 suffers from a non-blind Server-Side Request Forgery SSRF vulnerability. This vulnerability can be exploited by combining the REST APIs POST /internal/models/download and GET /view, allowing attackers to abuse the victim server's credentials to access...

7.5CVSS0.00703EPSS
Exploits1References1
OSV
OSV
added 2025/03/20 10:15 a.m.4 views

CVE-2024-12882

comfyanonymous/comfyui version v0.2.4 suffers from a non-blind Server-Side Request Forgery SSRF vulnerability. This vulnerability can be exploited by combining the REST APIs POST /internal/models/download and GET /view, allowing attackers to abuse the victim server's credentials to access...

7.5CVSS6.9AI score
Exploits0References1
NVD
NVD
added 2025/03/20 10:15 a.m.5 views

CVE-2024-10481

A CSRF vulnerability exists in comfyanonymous/comfyui versions up to v0.2.2. This vulnerability allows attackers to host malicious websites that, when visited by authenticated ComfyUI users, can perform arbitrary API requests on behalf of the user. This can be exploited to perform actions such as...

6.5CVSS0.00208EPSS
Exploits1References1
OSV
OSV
added 2025/03/20 10:15 a.m.3 views

CVE-2024-10481

A CSRF vulnerability exists in comfyanonymous/comfyui versions up to v0.2.2. This vulnerability allows attackers to host malicious websites that, when visited by authenticated ComfyUI users, can perform arbitrary API requests on behalf of the user. This can be exploited to perform actions such as...

6.5CVSS6.7AI score
Exploits0References1
CVE
CVE
added 2025/03/20 10:10 a.m.96 views

CVE-2024-12882

CVE-2024-12882 affects comfyanonymous/comfyui v0.2.4. The vulnerability is a non-blind SSRF exploitable by combining REST APIs POST /internal/models/download and GET /view, allowing an attacker to abuse the victim server’s credentials to access unauthorized external resources. Multiple connected ...

7.5CVSS6.9AI score0.00703EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/03/20 10:10 a.m.12 views

CVE-2024-12882 SSRF in comfyanonymous/comfyui

comfyanonymous/comfyui version v0.2.4 suffers from a non-blind Server-Side Request Forgery SSRF vulnerability. This vulnerability can be exploited by combining the REST APIs POST /internal/models/download and GET /view, allowing attackers to abuse the victim server's credentials to access...

7.5CVSS0.00703EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:10 a.m.3 views

CVE-2024-12882 SSRF in comfyanonymous/comfyui

comfyanonymous/comfyui version v0.2.4 suffers from a non-blind Server-Side Request Forgery SSRF vulnerability. This vulnerability can be exploited by combining the REST APIs POST /internal/models/download and GET /view, allowing attackers to abuse the victim server's credentials to access...

7.5CVSS7.5AI score0.00703EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:9 a.m.5 views

CVE-2024-10481 Cross-Site Request Forgery (CSRF) in comfyanonymous/comfyui

A CSRF vulnerability exists in comfyanonymous/comfyui versions up to v0.2.2. This vulnerability allows attackers to host malicious websites that, when visited by authenticated ComfyUI users, can perform arbitrary API requests on behalf of the user. This can be exploited to perform actions such as...

6.5CVSS6.5AI score0.00208EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/20 10:9 a.m.8 views

CVE-2024-10481 Cross-Site Request Forgery (CSRF) in comfyanonymous/comfyui

A CSRF vulnerability exists in comfyanonymous/comfyui versions up to v0.2.2. This vulnerability allows attackers to host malicious websites that, when visited by authenticated ComfyUI users, can perform arbitrary API requests on behalf of the user. This can be exploited to perform actions such as...

6.5CVSS0.00208EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:9 a.m.49 views

CVE-2024-10481

CVE-2024-10481 is a CSRF vulnerability in comfyanonymous/comfyui

6.5CVSS6.9AI score0.00208EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.4 views

PT-2025-12155 · Comfyui · Comfyui

Name of the Vulnerable Software and Affected Versions: comfyanonymous/comfyui version v0.2.4 Description: The issue is related to a non-blind Server-Side Request Forgery SSRF vulnerability. This vulnerability can be exploited by combining the REST APIs POST /internal/models/download and GET /view...

7.5CVSS7.4AI score0.00703EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.5 views

ComfyUI 跨站请求伪造漏洞

ComfyUI is one of the most powerful and modular diffusion model GUIs and backends from comfyanonymous individual developers. A cross-site request forgery vulnerability exists in ComfyUI v0.2.2 and prior versions, which stems from insufficient CSRF protection and could lead to unauthorized API...

6.5CVSS6.5AI score0.00208EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.4 views

PT-2025-12042 · Comfyanonymous · Comfyui

Name of the Vulnerable Software and Affected Versions: comfyanonymous/comfyui versions up to v0.2.2 Description: A CSRF issue exists, allowing attackers to host malicious websites that can perform arbitrary API requests on behalf of authenticated users when visited. This can be exploited to uploa...

6.5CVSS6.4AI score0.00208EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.5 views

ComfyUI 代码问题漏洞

ComfyUI is one of the most powerful and modular diffusion model GUI and backend from comfyanonymous individual developers. A code issue vulnerability exists in ComfyUI version v0.2.4, which stems from an unvalidated URL and could lead to a server-side request forgery attack...

7.5CVSS7.5AI score0.00703EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 10:56 a.m.11 views

CVE-2024-21577

ComfyUI-Ace-Nodes is vulnerable to Code Injection. The ACEExpressionEval node contains an eval in its entrypoint function that accepts arbitrary user-controlled data. A user can create a workflow that results in executing arbitrary code on the server...

10CVSS7.3AI score0.00571EPSS
Exploits0References1
NVD
NVD
added 2024/12/13 12:15 p.m.10 views

CVE-2024-21576

ComfyUI-Bmad-Nodes is vulnerable to Code Injection. The issue stems from a validation bypass in the BuildColorRangeHSVAdvanced, FilterContour and FindContour custom nodes. In the entrypoint function to each node, there’s a call to eval which can be triggered by generating a workflow that injects ...

10CVSS0.0055EPSS
Exploits0References1
NVD
NVD
added 2024/12/13 12:15 p.m.27 views

CVE-2024-21577

ComfyUI-Ace-Nodes is vulnerable to Code Injection. The ACEExpressionEval node contains an eval in its entrypoint function that accepts arbitrary user-controlled data. A user can create a workflow that results in executing arbitrary code on the server...

10CVSS0.00571EPSS
Exploits0References1
CVE
CVE
added 2024/12/13 11:17 a.m.51 views

CVE-2024-21577

The CVE-2024-21577 entry concerns ComfyUI-Ace-Nodes, where the ACE_ExpressionEval node exposes an eval() in its entrypoint, allowing an attacker-controlled input to execute arbitrary code on the server. The vulnerability arises from evaluating user-supplied data, enabling potential code injection...

10CVSS7.4AI score0.00571EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/13 11:17 a.m.8 views

CVE-2024-21577

ComfyUI-Ace-Nodes is vulnerable to Code Injection. The ACEExpressionEval node contains an eval in its entrypoint function that accepts arbitrary user-controlled data. A user can create a workflow that results in executing arbitrary code on the server...

10CVSS7.4AI score0.00571EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/13 11:17 a.m.20 views

CVE-2024-21576

ComfyUI-Bmad-Nodes is vulnerable to Code Injection. The issue stems from a validation bypass in the BuildColorRangeHSVAdvanced, FilterContour and FindContour custom nodes. In the entrypoint function to each node, there’s a call to eval which can be triggered by generating a workflow that injects ...

10CVSS0.0055EPSS
Exploits0References1
Rows per page
Query Builder