167 matches found
Stable Diffusion Webui 1.10.0 - Open Redirect
An open redirect vulnerability exists in Stable-Diffusion-Webui 1.10.0, where the file parameter in the /file= endpoint can be manipulated to redirect users to malicious websites. This could facilitate phishing attacks by tricking users into visiting attacker-controlled URLs. id: CVE-2024-11044...
CVE-2026-47750
stable-diffusion.cpp is a pure C/C++ library for running diffusion model Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the GLOBAL opcode...
CVE-2026-47748
stable-diffusion.cpp is a pure C/C++ library for running diffusion model Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more inference. Versions prior to master-584-0a7ae07 are vulnerable to an out-of-bounds reads error through PyTorch checkpoint pickle opcode parsing. The pickle .ckpt...
CVE-2026-47749
The CVE-2026-47749 entry concerns stable-diffusion.cpp, a C/C++ library for diffusion-model inference. A flaw in the pickle .ckpt parser (src/model.cpp) allows a heap buffer overflow in SHORT_BINUNICODE handling due to sign confusion on the opcode length field. A crafted untrusted .ckpt file coul...
MaskForge: Structure-Aware Adaptive Attacks for Jailbreaking Diffusion Large Language Models
Diffusion large language models dLLMs generate text by iteratively denoising partially masked sequences under bidirectional context, exposing a safety surface distinct from autoregressive LLMs. Because mask tokens are native inputs and tokens are committed by confidence rather than position,...
PT-2026-42205
Background This vulnerability is found in the diffusers package - the transformers-equivalent library for diffusion models. It is found in the DiffusionPipeline.from pretrained flow, which is used to load a pipeline from the HuggingFace Hub. This function has a trust remote code guard: if the...
Awakening the Hydra: Stabilizing Multi-Concept Backdoor Injection in Text-To-Image Diffusion Models
Text-to-image diffusion models are increasingly developed through open-source reuse and repeated downstream fine-tuning, where reused checkpoints are difficult to verify and thus more susceptible to hidden backdoor behaviors. In such ecosystems, a single pretrained model may be sequentially adapt...
Backdooring Masked Diffusion Language Models
Masked diffusion language models MDLMs are emerging as a compelling new paradigm for text generation, but their training-time security remains largely unexplored. Existing backdoor attacks on Gaussian diffusion models or autoregressive language models do not directly apply to MDLMs because MDLMs...
CVE-2026-44513
Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trustremotecode bypass in DiffusionPipeline.frompretrained allows arbitrary remote code execution despite the user passing trustremotecode=False or omitting it, which is the default. The vulnerability has three variant...
PYSEC-2026-40
Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trustremotecode bypass in DiffusionPipeline.frompretrained allows arbitrary remote code execution despite the user passing trustremotecode=False or omitting it, which is the default. The vulnerability has three variant...
CVE-2026-44827 Diffusers: None.py Trust Remote Code Bypass
Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, diffusers 0.37.0 allows remote code execution without the trustremotecode=True safeguard when loading pipelines from Hugging Face Hub repositories. The resolvecustompipelineandcls function in pipelineloadingutils.py...
CVE-2026-44827 Diffusers: None.py Trust Remote Code Bypass
Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, diffusers 0.37.0 allows remote code execution without the trustremotecode=True safeguard when loading pipelines from Hugging Face Hub repositories. The resolvecustompipelineandcls function in pipelineloadingutils.py...
CVE-2026-44513
Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trustremotecode bypass in DiffusionPipeline.frompretrained allows arbitrary remote code execution despite the user passing trustremotecode=False or omitting it, which is the default. The vulnerability has three variant...
GHSA-98H9-4798-4Q5V Diffusers has a `trust_remote_code` bypass via `custom_pipeline` and local custom components
Impact A trustremotecode bypass in DiffusionPipeline.frompretrained allows arbitrary remote code execution despite the user passing trustremotecode=False or omitting it, which is the default. The vulnerability has three variants, all sharing the same root cause — the trustremotecode gate was...
Diffusers has a `trust_remote_code` bypass via `custom_pipeline` and local custom components
Background This vulnerability is found in the DiffusionPipeline.frompretrained flow, which is used to load a pipeline from the HuggingFace Hub. This function accepts an optional custompipeline keyword argument: the name of a Python file in the repo that contains a custom class inheriting from...
GHSA-J7W6-VPVQ-J3GM Diffusers has a `trust_remote_code` bypass via `custom_pipeline` and local custom components
Background This vulnerability is found in the DiffusionPipeline.frompretrained flow, which is used to load a pipeline from the HuggingFace Hub. This function accepts an optional custompipeline keyword argument: the name of a Python file in the repo that contains a custom class inheriting from...
PT-2026-39298
Name of the Vulnerable Software and Affected Versions Diffusers versions prior to 0.38.0 Description An issue exists in the DiffusionPipeline.from pretrained flow when loading pipelines from Hugging Face Hub repositories. The resolve custom pipeline and cls function in pipeline loading utils.py...
PT-2026-38410
Name of the Vulnerable Software and Affected Versions Diffusers versions prior to 0.38.0 Description A bypass of the trust remote code security gate in the DiffusionPipeline.from pretrained function allows arbitrary remote code execution, even when trust remote code is set to False or left as...
How Hackers Are Thinking About AI
Interesting paper: "What hackers talk about when they talk about AI: Early-stage diffusion of a cybercrime innovation." Abstract: The rapid expansion of artificial intelligence AI is raising concerns about its potential to transform cybercrime. Beyond empowering novice offenders, AI stands to...
PRoADS: Provably Secure and Robust Audio Diffusion Steganography with Latent Optimization and Backward Euler Inversion
This paper proposes PRoADS, a provably secure and robust audio steganographic framework based on audio diffusion models. As a generative steganography scheme, PRoADS embeds secret messages into the initial noise of diffusion models via orthogonal matrix projection. To address the reconstruction...