223 matches found

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-7057

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.6 · EPSS 0.00618
Exploits 0 · References 4
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-47944

Malicious code in bioql PyPI...

CVSS 9.3 · AI score 6.6 · EPSS 0.00104
Exploits 0 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-19178

Malicious code in bioql PyPI...

CVSS 7.8 · AI score 6.6 · EPSS 0.00103
Exploits 0 · References 1
CNNVD
added 2025/09/18 12:0 a.m. · 2 views

Invoke Security Vulnerability

Invoke is a leading creative engine for Stable Diffusion models, open-sourced by InvokeAI. A security vulnerability exists in Invoke v6.0.0a1 and earlier versions, which stems from the GET /api/v1/images/download/bulkdownloaditemname endpoint that does not properly handle the filename...

CVSS 9.8 · AI score 9.2 · EPSS 0.00353
Exploits 0 · References 1
NVD
added 2025/09/16 8:15 a.m. · 5 views

CVE-2023-53291

In the Linux kernel, the following vulnerability has been resolved: rcu/rcuscale: Stop kfreescalethread threads after unloading rcuscale Running the 'kfreercutest' test case 1 results in a splat 2. The root cause is the kfreescalethread threads continue running after unloading the rcuscale module...

CVSS 5.5 · EPSS 0.00136
Exploits 0 · References 6
Metasploit
added 2025/09/11 6:57 p.m. · 733 views

APT Package Manager Persistence

This module will run a payload when the APT package manager is used. This module creates a pre-invoke hook for APT in apt.conf.d. Write access to the apt.conf.d directory is required, typically requiring root access. The hook name is randomized if not specified. Verified on Ubuntu 22.04 Module...

AI score 5.8
Exploits 0
Tenable Nessus
added 2025/08/27 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2018-10992

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows...

CVSS 9.8 · AI score 8.2 · EPSS 0.01501
Exploits 0 · References 2
Tenable Nessus
added 2025/08/09 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2024-38572

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix out-of-bound access of qmiinvokehandler Currently, there is no terminator...

CVSS 7.1 · AI score 5.6 · EPSS 0.00233
Exploits 0 · References 2
Positive Technologies
added 2025/06/03 12:0 a.m. · 2 views

PT-2025-23582 · Fastrpc · Fastrpc

Name of the Vulnerable Software and Affected Versions: FastRPC affected versions not specified Description: The issue is related to memory corruption that occurs while processing INIT and multimode invoke IOCTL calls on FastRPC. Recommendations: At the moment, there is no information about a newe...

CVSS 7.8 · AI score 6.2 · EPSS 0.00068
Exploits 0 · References 6
RedhatCVE
added 2025/05/23 2:39 a.m. · 3 views

CVE-2023-23638

A deserialization vulnerability existed when dubbo generic invoke, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.21 and prior versions; Apache Dubbo 3.0.x version 3.0.13 and prior versions; Apache Dubbo 3.1.x version 3.1.5 and prior versions...

CVSS 9.8 · AI score 9.5 · EPSS 0.04847
Exploits 3 · References 1
RedhatCVE
added 2025/05/22 2:58 a.m. · 5 views

CVE-2012-1291

Unspecified vulnerability in the com.sap.aii.mdt.amt.web.AMTPageProcessor servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the Adapter Monitor via unspecified vectors, possibly related to the EnableInvokerServletGlobally property in the servletjsp service...

CVSS 5 · AI score 6.6 · EPSS 0.01369
Exploits 0 · References 1
RedhatCVE
added 2025/03/22 12:22 p.m. · 14 views

CVE-2024-12029

A remote code execution vulnerability exists in invoke-ai/invokeai versions 5.3.1 through 5.4.2 via the /api/v2/models/install API. The vulnerability arises from unsafe deserialization of model files using torch.load without proper validation. Attackers can exploit this by embedding malicious cod...

CVSS 9.8 · AI score 7.5 · EPSS 0.04978
Exploits 5 · References 1
RedhatCVE
added 2025/03/22 12:2 p.m. · 10 views

CVE-2024-10821

A Denial of Service DoS vulnerability in the multipart request boundary processing mechanism of the Invoke-AI server version v5.0.1 allows unauthenticated attackers to cause excessive resource consumption. The server fails to handle excessive characters appended to the end of multipart boundaries...

CVSS 7.5 · AI score 7 · EPSS 0.00547
Exploits 0 · References 1
RedhatCVE
added 2025/03/22 11:37 a.m. · 5 views

CVE-2024-11043

A Denial of Service DoS vulnerability was discovered in the /api/v1/boards/boardid endpoint of invoke-ai/invokeai version v5.0.2. This vulnerability occurs when an excessively large payload is sent in the boardname field during a PATCH request. By sending a large payload, the UI becomes...

CVSS 7.5 · AI score 6.8 · EPSS 0.00618
Exploits 0 · References 1
RedhatCVE
added 2025/03/22 11:33 a.m. · 6 views

CVE-2024-11042

In invoke-ai/invokeai version v5.0.2, the web API POST /api/v1/images/delete is vulnerable to Arbitrary File Deletion. This vulnerability allows unauthorized attackers to delete arbitrary files on the server, potentially including critical or sensitive system files such as SSH keys, SQLite...

CVSS 9.1 · AI score 6.9 · EPSS 0.012
Exploits 0 · References 1
Github Security Blog
added 2025/03/20 12:32 p.m. · 5 views

InvokeAI Uncontrolled Resource Consumption vulnerability

A Denial of Service DoS vulnerability was discovered in the /api/v1/boards/boardid endpoint of invoke-ai/invokeai version v5.0.2. This vulnerability occurs when an excessively large payload is sent in the boardname field during a PATCH request. By sending a large payload, the UI becomes...

CVSS 7.5 · AI score 6.7 · EPSS 0.00618
Exploits 0 · References 4 · Affected Software 1
NVD
added 2025/03/20 10:15 a.m. · 13 views

CVE-2024-12029

A remote code execution vulnerability exists in invoke-ai/invokeai versions 5.3.1 through 5.4.2 via the /api/v2/models/install API. The vulnerability arises from unsafe deserialization of model files using torch.load without proper validation. Attackers can exploit this by embedding malicious cod...

CVSS 9.8 · EPSS 0.04978
Exploits 5 · References 2
PyPA
added 2025/03/20 10:15 a.m. · 10 views

PYSEC-2025-9

A remote code execution vulnerability exists in invoke-ai/invokeai versions 5.3.1 through 5.4.2 via the /api/v2/models/install API. The vulnerability arises from unsafe deserialization of model files using torch.load without proper validation. Attackers can exploit this by embedding malicious cod...

CVSS 9.8 · AI score 8.2 · EPSS 0.04978
Exploits 5 · References 3 · Affected Software 1
OSV
added 2025/03/20 10:15 a.m. · 12 views

PYSEC-2025-9

A remote code execution vulnerability exists in invoke-ai/invokeai versions 5.3.1 through 5.4.2 via the /api/v2/models/install API. The vulnerability arises from unsafe deserialization of model files using torch.load without proper validation. Attackers can exploit this by embedding malicious cod...

CVSS 9.8 · AI score 7.9 · EPSS 0.04978
Exploits 5 · References 3
OSV
added 2025/03/20 10:15 a.m. · 11 views

CVE-2024-12029

A remote code execution vulnerability exists in invoke-ai/invokeai versions 5.3.1 through 5.4.2 via the /api/v2/models/install API. The vulnerability arises from unsafe deserialization of model files using torch.load without proper validation. Attackers can exploit this by embedding malicious cod...

CVSS 9.8 · AI score 7.9
Exploits 0 · References 2