173 matches found
Stable Diffusion Webui 1.10.0 - Open Redirect
An open redirect vulnerability exists in Stable-Diffusion-Webui 1.10.0, where the file parameter in the /file= endpoint can be manipulated to redirect users to malicious websites. This could facilitate phishing attacks by tricking users into visiting attacker-controlled URLs. id: CVE-2024-11044...
CVE-2026-45804
Diffusers CVE-2026-45804 describes a TOCTOU race in DiffusionPipeline.from_pretrained where two Hub fetches (config via hf_hub_download and a snapshot via snapshot_download) can resolve to different commits. An attacker could push commit B after the first check, causing the newer commit’s model_i...
CVE-2026-47750
stable-diffusion.cpp is a pure C/C++ library for running diffusion model Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the GLOBAL opcode...
CVE-2026-47748
stable-diffusion.cpp is a pure C/C++ library for running diffusion model Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more inference. Versions prior to master-584-0a7ae07 are vulnerable to an out-of-bounds reads error through PyTorch checkpoint pickle opcode parsing. The pickle .ckpt...
CVE-2026-47747 stable-diffusion.cpp has a Heap-based Buffer Overflow
stable-diffusion.cpp is a pure C/C++ library for running diffusion model Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the BINUNICODE opcode...
CVE-2026-47749
The CVE-2026-47749 entry concerns stable-diffusion.cpp, a C/C++ library for diffusion-model inference. A flaw in the pickle .ckpt parser (src/model.cpp) allows a heap buffer overflow in SHORT_BINUNICODE handling due to sign confusion on the opcode length field. A crafted untrusted .ckpt file coul...
CVE-2026-47749
stable-diffusion.cpp is a pure C/C++ library for running diffusion model Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more inference. Versions prior to master-584-0a7ae07 are vulnerable to heap buffer overflow in SHORTBINUNICODE parsing for PyTorch checkpoint files. The pickle .ckpt pars...
CVE-2026-47749 stable-diffusion.cpp: Heap buffer overflow in SHORT_BINUNICODE parsing for PyTorch checkpoint files
stable-diffusion.cpp is a pure C/C++ library for running diffusion model Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more inference. Versions prior to master-584-0a7ae07 are vulnerable to heap buffer overflow in SHORTBINUNICODE parsing for PyTorch checkpoint files. The pickle .ckpt pars...
CVE-2026-47748 stable-diffusion.cpp: Out-of-bounds reads in PyTorch checkpoint pickle opcode parsing
stable-diffusion.cpp is a pure C/C++ library for running diffusion model Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more inference. Versions prior to master-584-0a7ae07 are vulnerable to an out-of-bounds reads error through PyTorch checkpoint pickle opcode parsing. The pickle .ckpt...
PT-2026-49749
Name of the Vulnerable Software and Affected Versions stable-diffusion.cpp versions prior to master-584-0a7ae07 Description An out-of-bounds read error exists during PyTorch checkpoint pickle opcode parsing. The pickle .ckpt parser in the src/model.cpp file fails to consistently verify that...
MaskForge: Structure-Aware Adaptive Attacks for Jailbreaking Diffusion Large Language Models
Diffusion large language models dLLMs generate text by iteratively denoising partially masked sequences under bidirectional context, exposing a safety surface distinct from autoregressive LLMs. Because mask tokens are native inputs and tokens are committed by confidence rather than position,...
PT-2026-42205
Name of the Vulnerable Software and Affected Versions diffusers affected versions not specified Description A race condition exists in the DiffusionPipeline.from pretrained flow when loading pipelines from the HuggingFace Hub. The process involves two separate HTTP calls: one via hf hub download ...
Awakening the Hydra: Stabilizing Multi-Concept Backdoor Injection in Text-To-Image Diffusion Models
Text-to-image diffusion models are increasingly developed through open-source reuse and repeated downstream fine-tuning, where reused checkpoints are difficult to verify and thus more susceptible to hidden backdoor behaviors. In such ecosystems, a single pretrained model may be sequentially adapt...
Backdooring Masked Diffusion Language Models
Masked diffusion language models MDLMs are emerging as a compelling new paradigm for text generation, but their training-time security remains largely unexplored. Existing backdoor attacks on Gaussian diffusion models or autoregressive language models do not directly apply to MDLMs because MDLMs...
PYSEC-2026-40
Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trustremotecode bypass in DiffusionPipeline.frompretrained allows arbitrary remote code execution despite the user passing trustremotecode=False or omitting it, which is the default. The vulnerability has three variant...
CVE-2026-44513
Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trustremotecode bypass in DiffusionPipeline.frompretrained allows arbitrary remote code execution despite the user passing trustremotecode=False or omitting it, which is the default. The vulnerability has three variant...
CVE-2026-44827 Diffusers: None.py Trust Remote Code Bypass
Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, diffusers 0.37.0 allows remote code execution without the trustremotecode=True safeguard when loading pipelines from Hugging Face Hub repositories. The resolvecustompipelineandcls function in pipelineloadingutils.py...
CVE-2026-44827 Diffusers: None.py Trust Remote Code Bypass
Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, diffusers 0.37.0 allows remote code execution without the trustremotecode=True safeguard when loading pipelines from Hugging Face Hub repositories. The resolvecustompipelineandcls function in pipelineloadingutils.py...
CVE-2026-44513
Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trustremotecode bypass in DiffusionPipeline.frompretrained allows arbitrary remote code execution despite the user passing trustremotecode=False or omitting it, which is the default. The vulnerability has three variant...
GHSA-98H9-4798-4Q5V Diffusers has a `trust_remote_code` bypass via `custom_pipeline` and local custom components
Impact A trustremotecode bypass in DiffusionPipeline.frompretrained allows arbitrary remote code execution despite the user passing trustremotecode=False or omitting it, which is the default. The vulnerability has three variants, all sharing the same root cause — the trustremotecode gate was...