Lucene search
K

19 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.9 views

CVE-2026-6590

A vulnerability was detected in ComfyUI up to 0.13.0. This impacts the function getmodelpreview of the file app/modelmanager.py of the component Model Preview Endpoint. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used. The...

5.3CVSS5.1AI score0.00365EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/02 10:52 p.m.14 views

CVE-2026-2614

A flaw was found in mlflow. An unauthenticated remote attacker can exploit a vulnerability in the createmodelversion handler by including a specific tag, mlflow.prompt.isprompt, in a CreateModelVersion request. This bypasses source path validation, allowing the attacker to specify an arbitrary...

7.5CVSS7.1AI score0.00696EPSS
Exploits1References5
Snyk
Snyk
added 2026/05/14 8:26 p.m.7 views

Insertion of Sensitive Information Into Sent Data

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data through the getmodelbyid handler in routers/models.py. An attacker can read the admin-curated system prompt and other model behavior settings by sending a GET...

5.3CVSS5.8AI score0.0022EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/20 12:45 a.m.6 views

CVE-2026-6590 ComfyUI Model Preview Endpoint model_manager.py get_model_preview path traversal

A vulnerability was detected in ComfyUI up to 0.13.0. This impacts the function getmodelpreview of the file app/modelmanager.py of the component Model Preview Endpoint. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used. The...

5.3CVSS5.4AI score0.00365EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/20 12:45 a.m.5 views

EUVD-2026-23733

A vulnerability was detected in ComfyUI up to 0.13.0. This impacts the function getmodelpreview of the file app/modelmanager.py of the component Model Preview Endpoint. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used. The...

5.3CVSS5.4AI score0.00365EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/20 12:45 a.m.6 views

CVE-2026-6590

A vulnerability was detected in ComfyUI up to 0.13.0. This impacts the function getmodelpreview of the file app/modelmanager.py of the component Model Preview Endpoint. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used. The...

5.3CVSS5.4AI score0.00365EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.8 views

ComfyUI 安全漏洞

ComfyUI is the most powerful and modular diffusion model GUI and backend developed by comfyanonymous individuals. Versions of ComfyUI prior to 0.13.0 contain security vulnerabilities, which stem from improper handling of the getmodelpreview function in the file app/modelmanager.py, potentially...

5.3CVSS5.8AI score0.00365EPSS
Exploits0References1
NVD
NVD
added 2026/02/26 11:16 p.m.6 views

CVE-2026-28225

Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.1, the getmodel method in ModelFilesController line 158-160 loads models using Model.findparamparams:modelid without policyscope, bypassing...

6.5CVSS0.00265EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/26 10:40 p.m.4 views

CVE-2026-28225 Manyfold has IDOR in ModelFilesController

Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.1, the getmodel method in ModelFilesController line 158-160 loads models using Model.findparamparams:modelid without policyscope, bypassing...

5.3CVSS5.9AI score0.00265EPSS
Exploits1References2
EUVD
EUVD
added 2026/02/26 10:40 p.m.5 views

EUVD-2026-8915

Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.1, the getmodel method in ModelFilesController line 158-160 loads models using Model.findparamparams:modelid without policyscope, bypassing...

5.3CVSS5.4AI score0.00265EPSS
Exploits1References2
CVE
CVE
added 2026/02/26 10:40 p.m.11 views

CVE-2026-28225

Manyfold is exposed to an authorization bypass in older releases. Before version 0.133.1, the get_model method in ModelFilesController loads models with Model.find_param(params[:model_id]) without enforcing policy_scope(), bypassing Pundit authorization, unlike other controllers (e.g., ModelsCont...

6.5CVSS5.4AI score0.00265EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/02/26 10:40 p.m.20 views

CVE-2026-28225 Manyfold has IDOR in ModelFilesController

Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.1, the getmodel method in ModelFilesController line 158-160 loads models using Model.findparamparams:modelid without policyscope, bypassing...

5.3CVSS0.00265EPSS
Exploits1References2
Veracode
Veracode
added 2025/08/28 8:53 a.m.6 views

Arbitrary Code Execution (ACE)

skops is vulnerable to Arbitrary Code Execution ACE. The vulnerability is due to Card.getmodel falling back to joblib for non-.zip file formats without warning, which allows an attacker to load a malicious model file and execute arbitrary code...

8.4CVSS7.4AI score0.00197EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/08/08 12:3 a.m.6 views

CVE-2025-54886 skops: Card.get_model does not block arbitrary code execution

skops is a Python library which helps users share and ship their scikit-learn based models. In versions 0.12.0 and below, the Card.getmodel does not contain any logic to prevent arbitrary code execution. The Card.getmodel function supports both joblib and skops for model loading. When loading...

8.4CVSS7.9AI score0.00197EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/08/08 12:3 a.m.3 views

CVE-2025-54886 skops: Card.get_model does not block arbitrary code execution

skops is a Python library which helps users share and ship their scikit-learn based models. In versions 0.12.0 and below, the Card.getmodel does not contain any logic to prevent arbitrary code execution. The Card.getmodel function supports both joblib and skops for model loading. When loading...

8.4CVSS7.2AI score0.00197EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/08/08 12:0 a.m.6 views

Skops 代码问题漏洞

Skops is a Python library from the Skops project that helps share scikit-learn-based models and put them into production. A code issue vulnerability exists in Skops 0.12.0 and earlier versions that stems from the Card.getmodel function not preventing arbitrary code execution, which could lead to ...

8.4CVSS6.9AI score0.00197EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/07 4:42 p.m.2 views

Deserialization of Untrusted Data

Overview skops is an A set of tools to push scikit-learn based models to and pull from Hugging Face Hub Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the getmodel function due to insecure pickle loading. An attacker can execute arbitrary code by supplyi...

8.6CVSS7.8AI score0.00197EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/07 12:0 a.m.6 views

PT-2025-32333 · Skops · Skops

Name of the Vulnerable Software and Affected Versions: skops versions 0.12.0 and below skops versions prior to 0.13.0 Description: The Card.get model function in skops allows for arbitrary code execution when loading models. This occurs because the function supports both joblib and skops for mode...

8.4CVSS7.6AI score0.00197EPSS
Exploits0References9
PyPA
PyPA
added 2025/03/20 10:15 a.m.25 views

PYSEC-2025-97

An authentication bypass vulnerability exists in gaizhenbiao/ChuanhuChatGPT, as of commit 3856d4f, allowing any user to read and delete other users' chat history. The vulnerability arises because the username is provided via an HTTP request from the client side, rather than being read from a secu...

8.1CVSS7.3AI score0.00581EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder