CVE-2024-11044

CVE-2024-11044 is an open redirect vulnerability in automatic1111/stable-diffusion-webui 1.10.0. The issue allows unauthenticated remote attackers to redirect users to attacker-controlled sites via the file parameter in the /file= endpoint, enabling phishing, malware distribution, and credential ...

CVE-2024-10935

CVE-2024-10935 concerns automatic1111/stable-diffusion-webui v1.10.0. The issue arises when the server fails to handle excessive characters at the end of multipart boundaries, allowing malformed multipart requests to trigger excessive resource consumption and a complete DoS. The vulnerability is ...

CVE-2024-12074

CVE-2024-12074 describes a DoS in automatic1111/stable-diffusion-webui 1.10.0 caused by improper handling of form-data with a very large filename in file uploads. The vulnerability, exploitable without authentication, can render the server unresponsive and unavailable to legitimate users, indicat...

CVE-2024-11045

The CVE-2024-11045 CSWSH issue affects automatic1111/stable-diffusion-webui 1.10.0, where lack of validation for WebSocket connections at ws://127.0.0.1:7860/queue/join enables unauthorized actions such as cloning server extensions, running malicious scripts, data exfiltration, and potential DoS....

CVE-2024-12375

The CVE-2024-12375 entry concerns a Local File Inclusion in automatic1111/stable-diffusion-webui, affecting the git version 82a973c. The vulnerability enables an attacker to read arbitrary files on the host by sending a specially crafted request to the application. The CVSS base score is 6.5 (Med...

CVE-2024-12374

CVE-2024-12374 : Stored XSS in automatic1111/stable-diffusion-webui (git 82a973c). An attacker can upload an HTML file that the app treats as content-type application/html; when a victim visits the malicious link, arbitrary JavaScript runs in the browser. Connected documents confirm the vulnerabi...