CVE-2024-12375 Local File Inclusion in automatic1111/stable-diffusion-webui
A local file inclusion vulnerability was identified in automatic1111/stable-diffusion-webui, affecting version git 82a973c. This vulnerability allows an attacker to read arbitrary files on the system by sending a specially crafted request to the application...
CVE-2024-12375
The CVE-2024-12375 entry concerns a Local File Inclusion in automatic1111/stable-diffusion-webui, affecting the git version 82a973c. The vulnerability enables an attacker to read arbitrary files on the host by sending a specially crafted request to the application. The CVSS base score is 6.5 (Med...
CVE-2024-10935 Unauthenticated DoS via Multipart Boundary in automatic1111/stable-diffusion-webui
automatic1111/stable-diffusion-webui version 1.10.0 contains a vulnerability where the server fails to handle excessive characters appended to the end of multipart boundaries. This flaw can be exploited by sending malformed multipart requests with arbitrary characters at the end of the boundary,...
CVE-2024-10935
CVE-2024-10935 concerns automatic1111/stable-diffusion-webui v1.10.0. The issue arises when the server fails to handle excessive characters at the end of multipart boundaries, allowing malformed multipart requests to trigger excessive resource consumption and a complete DoS. The vulnerability is ...
CVE-2024-11044 Open Redirect in automatic1111/stable-diffusion-webui
An open redirect vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This vulnerability can be exploited to conduct phishing attacks, distribute malware, and steal user...
CVE-2024-11044
CVE-2024-11044 is an open redirect vulnerability in automatic1111/stable-diffusion-webui 1.10.0. The issue allows unauthenticated remote attackers to redirect users to attacker-controlled sites via the file parameter in the /file= endpoint, enabling phishing, malware distribution, and credential ...
CVE-2024-12374 Stored XSS in automatic1111/stable-diffusion-webui
A stored cross-site scripting (XSS) vulnerability exists in automatic1111/stable-diffusion-webui version git 82a973c. An attacker can upload an HTML file, which the application interprets as content-type application/html. If a victim accesses the malicious link, it will execute arbitrary JavaScript...
CVE-2024-12374
CVE-2024-12374: Stored XSS in automatic1111/stable-diffusion-webui (git 82a973c). An attacker can upload an HTML file that the app treats as content-type application/html; when a victim visits the malicious link, arbitrary JavaScript runs in the browser. Connected documents confirm the vulnerabi...
Stable Diffusion web UI Security Vulnerability
Stable Diffusion web UI is a web interface by the individual developer AUTOMATIC1111. A security vulnerability exists in the Stable Diffusion web UI that originates from a specially crafted request and could lead to a local file inclusion attack...
Stable Diffusion web UI Cross-Site Scripting Vulnerability
Stable Diffusion web UI is a web interface by the individual developer AUTOMATIC1111. A cross-site scripting vulnerability exists in the Stable Diffusion web UI that originates from an HTML file upload and could lead to a stored cross-site scripting attack...
Stable Diffusion web UI Resource Management Error Vulnerability
Stable Diffusion web UI is a web interface by the individual developer AUTOMATIC1111. A resource management error vulnerability exists in Stable Diffusion web UI version 1.10.0, which stems from improper handling of form-data in a file upload request and could lead to a denial of service attack...
Stable Diffusion web UI Access Control Error Vulnerability
Stable Diffusion web UI is a web interface by the individual developer AUTOMATIC1111. An access control error vulnerability exists in Stable Diffusion web UI version 1.10.0, which stems from a cross-site WebSocket hijacking vulnerability that could lead to unauthorized operations...
Stable Diffusion web UI Resource Management Error Vulnerability
Stable Diffusion web UI is a web interface by the individual developer AUTOMATIC1111. A resource management error vulnerability exists in Stable Diffusion web UI version 1.10.0, which stems from the server's failure to handle excessive characters at the end of multipart boundaries, which could lea...
Stable Diffusion web UI Input Validation Error Vulnerability
Stable Diffusion web UI is a web interface by the individual developer AUTOMATIC1111. An input validation error vulnerability exists in Stable Diffusion web UI version 1.10.0, which stems from an open redirect vulnerability that could lead to phishing attacks, malware distribution, and credentia...
PT-2025-12097 · Unknown · Automatic1111/Stable-Diffusion-Webui
Name of the Vulnerable Software and Affected Versions: automatic1111/stable-diffusion-webui version 1.10.0. Description: A Cross-Site WebSocket Hijacking (CSWSH) vulnerability allows an attacker to clone a malicious server extension from a GitHub repository. The vulnerability is due to a lack of...
PT-2025-12123 · Unknown · Automatic1111/Stable-Diffusion-Webui
Name of the Vulnerable Software and Affected Versions: automatic1111/stable-diffusion-webui version 1.10.0. Description: A Denial of Service (DoS) vulnerability exists in the file upload feature. The issue is due to improper handling of form-data with a large filename in the file upload request...
PT-2025-12080 · Unknown · Automatic1111/Stable-Diffusion-Webui
Name of the Vulnerable Software and Affected Versions: automatic1111/stable-diffusion-webui version 1.10.0. Description: The software is susceptible to a flaw where the server does not properly manage extra characters added to the end of multipart boundaries. This can be exploited by sending...
CVE-2024-32022
Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to command injection in basic_caption_gui.py. This vulnerability is fixed in 23.1.5...
CVE-2024-32027
Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss v22.6.1 is vulnerable to command injection in finetune_gui.py. This vulnerability is fixed in 23.1.5...