Stable Diffusion Webui 1.10.0 - Open Redirect

An open redirect vulnerability exists in Stable-Diffusion-Webui 1.10.0, where the file parameter in the /file= endpoint can be manipulated to redirect users to malicious websites. This could facilitate phishing attacks by tricking users into visiting attacker-controlled URLs. id: CVE-2024-11044...

CVE-2026-47750

stable-diffusion.cpp is a pure C/C++ library for running diffusion model Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the GLOBAL opcode...

CVE-2026-47748

stable-diffusion.cpp is a pure C/C++ library for running diffusion model Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more inference. Versions prior to master-584-0a7ae07 are vulnerable to an out-of-bounds reads error through PyTorch checkpoint pickle opcode parsing. The pickle .ckpt...

CVE-2026-47749

The CVE-2026-47749 entry concerns stable-diffusion.cpp, a C/C++ library for diffusion-model inference. A flaw in the pickle .ckpt parser (src/model.cpp) allows a heap buffer overflow in SHORT_BINUNICODE handling due to sign confusion on the opcode length field. A crafted untrusted .ckpt file coul...

EUVD-2025-7011

Malicious code in bioql PyPI...

EUVD-2024-29865

Malicious code in bioql PyPI...

EUVD-2025-16160

Malicious code in bioql PyPI...

EUVD-2024-29864

Malicious code in bioql PyPI...

EUVD-2024-29860

Malicious code in bioql PyPI...

EUVD-2024-29862

Malicious code in bioql PyPI...

EUVD-2025-7024

Malicious code in bioql PyPI...

EUVD-2025-7001

Malicious code in bioql PyPI...

EUVD-2024-29344

Malicious code in bioql PyPI...

EUVD-2025-7060

Malicious code in bioql PyPI...

CVE-2024-32024

Kohyass is a GUI for Kohya's Stable Diffusion trainers. Kohyass is vulnerable to a path injection in the commongui.py addprepostfix function. This vulnerability is fixed in 23.1.5...

CVE-2024-32023

Kohyass is a GUI for Kohya's Stable Diffusion trainers. Kohyass is vulnerable to a path injection in the commongui.py findandreplace function. This vulnerability is fixed in 23.1.5...

CVE-2024-31462

stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The createui method Backup/Restore tab in modules/uiextensions.py takes user input into the configsavenam...

CVE-2025-45468

Insecure permissions in fc-stable-diffusion-plus v1.0.18 allows attackers to escalate privileges and compromise the customer cloud account...

CVE-2025-45468

Insecure permissions in fc-stable-diffusion-plus v1.0.18 allows attackers to escalate privileges and compromise the customer cloud account...

fc-stable-diffusion 安全漏洞

fc-stable-diffusion is an open source tool from Serverless Devs Registry for deploying stable-diffusion to AliCloud Functional Computing. A security vulnerability exists in fc-stable-diffusion v1.0.18, which stems from improper privileges and could lead to elevated privileges and customer cloud...