Lucene search
K

149 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-18346

Malicious code in bioql PyPI...

5.3CVSS5.5AI score0.0032EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-47724

Malicious code in bioql PyPI...

6.5CVSS5AI score0.00167EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-19224

Malicious code in bioql PyPI...

9.2CVSS6.5AI score0.00973EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/06/18 5:18 a.m.9 views

CVE-2025-6107

A vulnerability was found in comfyanonymous comfyui 0.3.40. It has been classified as problematic. Affected is the function setattr of the file /comfy/utils.py. The manipulation leads to dynamically-determined object attributes. It is possible to launch the attack remotely. The complexity of an...

3.1CVSS3.9AI score0.00366EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/06/17 6:21 p.m.10 views

CVE-2025-6092

A vulnerability was found in comfyanonymous comfyui up to 0.3.39. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /upload/image of the component Incomplete Fix CVE-2024-10099. The manipulation of the argument image leads to cross site...

6.1CVSS4.8AI score0.00342EPSS
Exploits1References1
NVD
NVD
added 2025/06/16 5:15 a.m.10 views

CVE-2025-6107

A vulnerability was found in comfyanonymous comfyui 0.3.40. It has been classified as problematic. Affected is the function setattr of the file /comfy/utils.py. The manipulation leads to dynamically-determined object attributes. It is possible to launch the attack remotely. The complexity of an...

3.1CVSS0.00366EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/06/16 5:0 a.m.5 views

CVE-2025-6107 comfyanonymous comfyui utils.py set_attr dynamically-determined object attributes

A vulnerability was found in comfyanonymous comfyui 0.3.40. It has been classified as problematic. Affected is the function setattr of the file /comfy/utils.py. The manipulation leads to dynamically-determined object attributes. It is possible to launch the attack remotely. The complexity of an...

3.1CVSS6.9AI score0.00366EPSS
Exploits0References5
CVE
CVE
added 2025/06/16 5:0 a.m.28 views

CVE-2025-6107

CVE-2025-6107 affects comfyanonymous comfyui 0.3.40. The vulnerability is in the function set_attr of /comfy/utils.py, enabling manipulation of dynamically-determined object attributes. The issue can be triggered remotely with high attack complexity and no privileges required; PoC exploits have b...

3.1CVSS3.9AI score0.00366EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/06/16 5:0 a.m.14 views

CVE-2025-6107 comfyanonymous comfyui utils.py set_attr dynamically-determined object attributes

A vulnerability was found in comfyanonymous comfyui 0.3.40. It has been classified as problematic. Affected is the function setattr of the file /comfy/utils.py. The manipulation leads to dynamically-determined object attributes. It is possible to launch the attack remotely. The complexity of an...

3.1CVSS0.00366EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/06/16 12:0 a.m.5 views

ComfyUI 安全漏洞

ComfyUI is one of the most powerful and modular diffusion model GUIs and backends for comfyanonymous individual developers. A security vulnerability exists in ComfyUI version 0.3.40, which stems from a dynamic attribute issue that could lead to object attribute manipulation...

3.1CVSS4.2AI score0.00366EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/06/16 12:0 a.m.5 views

PT-2025-25518 · Comfyui · Comfyui

Name of the Vulnerable Software and Affected Versions: comfyanonymous comfyui version 0.3.40 Description: A vulnerability was found in the function set attr of the file /comfy/utils.py, which can lead to dynamically-determined object attributes. The attack can be launched remotely, but it has a...

3.1CVSS3.7AI score0.00366EPSS
Exploits0References9
NVD
NVD
added 2025/06/15 6:15 p.m.14 views

CVE-2025-6092

A vulnerability was found in comfyanonymous comfyui up to 0.3.39. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /upload/image of the component Incomplete Fix CVE-2024-10099. The manipulation of the argument image leads to cross site...

5.3CVSS0.0032EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/06/15 5:31 p.m.34 views

CVE-2025-6092 comfyanonymous comfyui Incomplete Fix CVE-2024-10099 image cross site scripting

A vulnerability was found in comfyanonymous comfyui up to 0.3.39. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /upload/image of the component Incomplete Fix CVE-2024-10099. The manipulation of the argument image leads to cross site...

5.3CVSS0.0032EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/06/15 5:31 p.m.3 views

CVE-2025-6092 comfyanonymous comfyui Incomplete Fix CVE-2024-10099 image cross site scripting

A vulnerability was found in comfyanonymous comfyui up to 0.3.39. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /upload/image of the component Incomplete Fix CVE-2024-10099. The manipulation of the argument image leads to cross site...

5.3CVSS4.9AI score0.00342EPSS
Exploits1References4
CVE
CVE
added 2025/06/15 5:31 p.m.67 views

CVE-2025-6092

CVE-2025-6092 affects comfynonymous comfyui up to version 0.3.39. The vulnerability resides in the /upload/image endpoint where manipulation of the image argument enables cross-site scripting (XSS). Exploitation is possible remotely and PoC activity is indicated in sources. No official fix versio...

5.3CVSS4.9AI score0.00342EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/06/15 12:0 a.m.7 views

ComfyUI 代码注入漏洞

ComfyUI is one of the most powerful and modular diffusion model GUI and backend from comfyanonymous individual developers. A code injection vulnerability exists in ComfyUI version 0.3.39 and earlier, which stems from a cross-site scripting attack due to the incorrect manipulation of the parameter...

5.3CVSS4.9AI score0.0032EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/06/15 12:0 a.m.3 views

PT-2025-25502 · Comfyui · Comfyui

Name of the Vulnerable Software and Affected Versions: comfyanonymous comfyui versions up to 0.3.39 Description: A vulnerability was found in the file /upload/image of the component, allowing for cross-site scripting through the manipulation of the image argument. This issue can be exploited...

5.3CVSS4.5AI score0.0032EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2025/05/23 10:47 a.m.10 views

CVE-2024-10099

A stored cross-site scripting XSS vulnerability exists in comfyanonymous/comfyui version 0.2.2 and possibly earlier. The vulnerability occurs when an attacker uploads an HTML file containing a malicious XSS payload via the /api/upload/image endpoint. The payload is executed when the file is viewe...

6.1CVSS5.2AI score0.00342EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/22 1:6 p.m.11 views

CVE-2024-10481

A CSRF vulnerability exists in comfyanonymous/comfyui versions up to v0.2.2. This vulnerability allows attackers to host malicious websites that, when visited by authenticated ComfyUI users, can perform arbitrary API requests on behalf of the user. This can be exploited to perform actions such as...

6.5CVSS7AI score0.00208EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/22 12:24 p.m.7 views

CVE-2024-12882

comfyanonymous/comfyui version v0.2.4 suffers from a non-blind Server-Side Request Forgery SSRF vulnerability. This vulnerability can be exploited by combining the REST APIs POST /internal/models/download and GET /view, allowing attackers to abuse the victim server's credentials to access...

7.5CVSS7AI score0.00703EPSS
Exploits1References1
Rows per page
Query Builder