164 matches found
CVE-2024-11044
An open redirect vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This vulnerability can be exploited to conduct phishing attacks, distribute malware, and steal user...
CVE-2024-11044
An open redirect vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This vulnerability can be exploited to conduct phishing attacks, distribute malware, and steal user...
CVE-2024-10935
automatic1111/stable-diffusion-webui version 1.10.0 contains a vulnerability where the server fails to handle excessive characters appended to the end of multipart boundaries. This flaw can be exploited by sending malformed multipart requests with arbitrary characters at the end of the boundary,...
CVE-2024-10935
automatic1111/stable-diffusion-webui version 1.10.0 contains a vulnerability where the server fails to handle excessive characters appended to the end of multipart boundaries. This flaw can be exploited by sending malformed multipart requests with arbitrary characters at the end of the boundary,...
CVE-2024-12074 Denial of Service in automatic1111/stable-diffusion-webui
A Denial of Service DoS vulnerability was discovered in the file upload feature of automatic1111/stable-diffusion-webui version 1.10.0. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sending a payload with an excessively large...
CVE-2024-12074 Denial of Service in automatic1111/stable-diffusion-webui
A Denial of Service DoS vulnerability was discovered in the file upload feature of automatic1111/stable-diffusion-webui version 1.10.0. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sending a payload with an excessively large...
CVE-2024-11045 Cross-Site WebSocket Hijacking (CSWSH) in automatic1111/stable-diffusion-webui
A Cross-Site WebSocket Hijacking CSWSH vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows an attacker to clone a malicious server extension from a GitHub repository. The vulnerability arises from the lack of proper validation on WebSocket connections at...
CVE-2024-11045
The CVE-2024-11045 CSWSH issue affects automatic1111/stable-diffusion-webui 1.10.0, where lack of validation for WebSocket connections at ws://127.0.0.1:7860/queue/join enables unauthorized actions such as cloning server extensions, running malicious scripts, data exfiltration, and potential DoS....
CVE-2024-11045 Cross-Site WebSocket Hijacking (CSWSH) in automatic1111/stable-diffusion-webui
A Cross-Site WebSocket Hijacking CSWSH vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows an attacker to clone a malicious server extension from a GitHub repository. The vulnerability arises from the lack of proper validation on WebSocket connections at...
CVE-2024-12375 Local File Inclusion in automatic1111/stable-diffusion-webui
A local file inclusion vulnerability was identified in automatic1111/stable-diffusion-webui, affecting version git 82a973c. This vulnerability allows an attacker to read arbitrary files on the system by sending a specially crafted request to the application...
CVE-2024-12375
The CVE-2024-12375 entry concerns a Local File Inclusion in automatic1111/stable-diffusion-webui, affecting the git version 82a973c. The vulnerability enables an attacker to read arbitrary files on the host by sending a specially crafted request to the application. The CVSS base score is 6.5 (Med...
CVE-2024-10935 Unauthenticated DoS via Multipart Boundary in automatic1111/stable-diffusion-webui
automatic1111/stable-diffusion-webui version 1.10.0 contains a vulnerability where the server fails to handle excessive characters appended to the end of multipart boundaries. This flaw can be exploited by sending malformed multipart requests with arbitrary characters at the end of the boundary,...
CVE-2024-10935
CVE-2024-10935 concerns automatic1111/stable-diffusion-webui v1.10.0. The issue arises when the server fails to handle excessive characters at the end of multipart boundaries, allowing malformed multipart requests to trigger excessive resource consumption and a complete DoS. The vulnerability is ...
CVE-2024-11044
CVE-2024-11044 is an open redirect vulnerability in automatic1111/stable-diffusion-webui 1.10.0. The issue allows unauthenticated remote attackers to redirect users to attacker-controlled sites via the file parameter in the /file= endpoint, enabling phishing, malware distribution, and credential ...
CVE-2024-11044 Open Redirect in automatic1111/stable-diffusion-webui
An open redirect vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This vulnerability can be exploited to conduct phishing attacks, distribute malware, and steal user...
CVE-2024-11044 Open Redirect in automatic1111/stable-diffusion-webui
An open redirect vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This vulnerability can be exploited to conduct phishing attacks, distribute malware, and steal user...
CVE-2024-12374
CVE-2024-12374 : Stored XSS in automatic1111/stable-diffusion-webui (git 82a973c). An attacker can upload an HTML file that the app treats as content-type application/html; when a victim visits the malicious link, arbitrary JavaScript runs in the browser. Connected documents confirm the vulnerabi...
CVE-2024-12374 Stored XSS in automatic1111/stable-diffusion-webui
A stored cross-site scripting XSS vulnerability exists in automatic1111/stable-diffusion-webui version git 82a973c. An attacker can upload an HTML file, which the application interprets as content-type application/html. If a victim accesses the malicious link, it will execute arbitrary JavaScript...
Stable Diffusion web UI 跨站脚本漏洞
Stable Diffusion web UI is a web interface by the individual developer of AUTOMATIC1111. A cross-site scripting vulnerability exists in the Stable Diffusion web UI that originates from an HTML file upload and could lead to a stored cross-site scripting attack...
ComfyUI 跨站请求伪造漏洞
ComfyUI is one of the most powerful and modular diffusion model GUIs and backends from comfyanonymous individual developers. A cross-site request forgery vulnerability exists in ComfyUI v0.2.2 and prior versions, which stems from insufficient CSRF protection and could lead to unauthorized API...