31 matches found
InvokeAI Arbitrary File Deletion vulnerability
In invoke-ai/invokeai version v5.0.2, the web API POST /api/v1/images/delete is vulnerable to Arbitrary File Deletion. This vulnerability allows unauthorized attackers to delete arbitrary files on the server, potentially including critical or sensitive system files such as SSH keys, SQLite...
GHSA-227R-W5J2-6243 InvokeAI Arbitrary File Deletion vulnerability
In invoke-ai/invokeai version v5.0.2, the web API POST /api/v1/images/delete is vulnerable to Arbitrary File Deletion. This vulnerability allows unauthorized attackers to delete arbitrary files on the server, potentially including critical or sensitive system files such as SSH keys, SQLite...
Denial of Service (DoS)
Overview InvokeAI is an An implementation of Stable Diffusion which provides various new features and options to aid the image generation process Affected versions of this package are vulnerable to Denial of Service DoS through the multipart request boundary processing mechanism. An attacker can...
GHSA-6F6X-F56Q-5XGV InvokeAI has Denial of Service (DoS) vulnerability in `/api/v1/images/upload`
A Denial of Service DoS vulnerability in the multipart request boundary processing mechanism of the Invoke-AI server version v5.0.1 allows unauthenticated attackers to cause excessive resource consumption. The server fails to handle excessive characters appended to the end of multipart boundaries...
InvokeAI has Denial of Service (DoS) vulnerability in `/api/v1/images/upload`
A Denial of Service DoS vulnerability in the multipart request boundary processing mechanism of the Invoke-AI server version v5.0.1 allows unauthenticated attackers to cause excessive resource consumption. The server fails to handle excessive characters appended to the end of multipart boundaries...
InvokeAI 5.0 Code Injection
InvokeAI version 5.0 suffers from a remote code execution vulnerability. ============================================================================================================================================= | Title : InvokeAI v5.0 PHP Code Injection Vulnerability | | Author : indoushka | ...
PT-2025-7327 · Pytorch +1 · Pytorch +1
Name of the Vulnerable Software and Affected Versions: InvokeAI affected versions not specified Description: The issue concerns an unsafely deserialized file download in the backend, potentially allowing remote code execution RCE through PyTorch's torch.load function. Recommendations: At the...
Metasploit Weekly Wrap-Up 02/21/2025
BeyondTrust exploit + fetch payload updates This Metasploit release includes an exploit module that chains two vulnerabilities, one exploited in the wild by APT groups and another one, a 0-day discovered by Rapid7 during the vulnerability analysis. This week's release also includes a significant...
InvokeAI Remote Code Execution Exploit
InvokeAI has a critical vulnerability leading to remote code execution in the /api/v2/models/install API through unsafe model deserialization. The API allows users to specify a model URL, which is downloaded and loaded server-side using torch.load without proper validation. This functionality...
InvokeAI Remote Code Execution
InvokeAI has a critical vulnerability leading to remote code execution in the /api/v2/models/install API through unsafe model deserialization. The API allows users to specify a model URL, which is downloaded and loaded server-side using torch.load without proper validation. This functionality...
InvokeAI RCE
InvokeAI has a critical vulnerability leading to remote code execution in the /api/v2/models/install API through unsafe model deserialization. The API allows users to specify a model URL, which is downloaded and loaded server-side using torch.load without proper validation. This functionality...