149 matches found
EUVD-2025-18346
Malicious code in bioql PyPI...
EUVD-2024-47724
Malicious code in bioql PyPI...
EUVD-2024-19224
Malicious code in bioql PyPI...
CVE-2025-6107
A vulnerability was found in comfyanonymous comfyui 0.3.40. It has been classified as problematic. Affected is the function setattr of the file /comfy/utils.py. The manipulation leads to dynamically-determined object attributes. It is possible to launch the attack remotely. The complexity of an...
CVE-2025-6092
A vulnerability was found in comfyanonymous comfyui up to 0.3.39. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /upload/image of the component Incomplete Fix CVE-2024-10099. The manipulation of the argument image leads to cross site...
CVE-2025-6107
A vulnerability was found in comfyanonymous comfyui 0.3.40. It has been classified as problematic. Affected is the function setattr of the file /comfy/utils.py. The manipulation leads to dynamically-determined object attributes. It is possible to launch the attack remotely. The complexity of an...
CVE-2025-6107 comfyanonymous comfyui utils.py set_attr dynamically-determined object attributes
A vulnerability was found in comfyanonymous comfyui 0.3.40. It has been classified as problematic. Affected is the function setattr of the file /comfy/utils.py. The manipulation leads to dynamically-determined object attributes. It is possible to launch the attack remotely. The complexity of an...
CVE-2025-6107
CVE-2025-6107 affects comfyanonymous comfyui 0.3.40. The vulnerability is in the function set_attr of /comfy/utils.py, enabling manipulation of dynamically-determined object attributes. The issue can be triggered remotely with high attack complexity and no privileges required; PoC exploits have b...
CVE-2025-6107 comfyanonymous comfyui utils.py set_attr dynamically-determined object attributes
A vulnerability was found in comfyanonymous comfyui 0.3.40. It has been classified as problematic. Affected is the function setattr of the file /comfy/utils.py. The manipulation leads to dynamically-determined object attributes. It is possible to launch the attack remotely. The complexity of an...
ComfyUI 安全漏洞
ComfyUI is one of the most powerful and modular diffusion model GUIs and backends for comfyanonymous individual developers. A security vulnerability exists in ComfyUI version 0.3.40, which stems from a dynamic attribute issue that could lead to object attribute manipulation...
PT-2025-25518 · Comfyui · Comfyui
Name of the Vulnerable Software and Affected Versions: comfyanonymous comfyui version 0.3.40 Description: A vulnerability was found in the function set attr of the file /comfy/utils.py, which can lead to dynamically-determined object attributes. The attack can be launched remotely, but it has a...
CVE-2025-6092
A vulnerability was found in comfyanonymous comfyui up to 0.3.39. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /upload/image of the component Incomplete Fix CVE-2024-10099. The manipulation of the argument image leads to cross site...
CVE-2025-6092 comfyanonymous comfyui Incomplete Fix CVE-2024-10099 image cross site scripting
A vulnerability was found in comfyanonymous comfyui up to 0.3.39. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /upload/image of the component Incomplete Fix CVE-2024-10099. The manipulation of the argument image leads to cross site...
CVE-2025-6092 comfyanonymous comfyui Incomplete Fix CVE-2024-10099 image cross site scripting
A vulnerability was found in comfyanonymous comfyui up to 0.3.39. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /upload/image of the component Incomplete Fix CVE-2024-10099. The manipulation of the argument image leads to cross site...
CVE-2025-6092
CVE-2025-6092 affects comfynonymous comfyui up to version 0.3.39. The vulnerability resides in the /upload/image endpoint where manipulation of the image argument enables cross-site scripting (XSS). Exploitation is possible remotely and PoC activity is indicated in sources. No official fix versio...
ComfyUI 代码注入漏洞
ComfyUI is one of the most powerful and modular diffusion model GUI and backend from comfyanonymous individual developers. A code injection vulnerability exists in ComfyUI version 0.3.39 and earlier, which stems from a cross-site scripting attack due to the incorrect manipulation of the parameter...
PT-2025-25502 · Comfyui · Comfyui
Name of the Vulnerable Software and Affected Versions: comfyanonymous comfyui versions up to 0.3.39 Description: A vulnerability was found in the file /upload/image of the component, allowing for cross-site scripting through the manipulation of the image argument. This issue can be exploited...
CVE-2024-10099
A stored cross-site scripting XSS vulnerability exists in comfyanonymous/comfyui version 0.2.2 and possibly earlier. The vulnerability occurs when an attacker uploads an HTML file containing a malicious XSS payload via the /api/upload/image endpoint. The payload is executed when the file is viewe...
CVE-2024-10481
A CSRF vulnerability exists in comfyanonymous/comfyui versions up to v0.2.2. This vulnerability allows attackers to host malicious websites that, when visited by authenticated ComfyUI users, can perform arbitrary API requests on behalf of the user. This can be exploited to perform actions such as...
CVE-2024-12882
comfyanonymous/comfyui version v0.2.4 suffers from a non-blind Server-Side Request Forgery SSRF vulnerability. This vulnerability can be exploited by combining the REST APIs POST /internal/models/download and GET /view, allowing attackers to abuse the victim server's credentials to access...