VYPR

Automatic1111/stable Diffusion Webui

by Automatic1111

Source repositories

CVEs (7)

  • CVE-2024-11045CriMar 20, 2025
    risk 0.62cvss 9.6epss 0.00

    A Cross-Site WebSocket Hijacking (CSWSH) vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows an attacker to clone a malicious server extension from a GitHub repository. The vulnerability arises from the lack of proper validation on WebSocket connections…

  • CVE-2024-10935HigMar 20, 2025
    risk 0.49cvss 7.5epss 0.01

    automatic1111/stable-diffusion-webui version 1.10.0 contains a vulnerability where the server fails to handle excessive characters appended to the end of multipart boundaries. This flaw can be exploited by sending malformed multipart requests with arbitrary characters at the end…

  • CVE-2024-12375MedMar 20, 2025
    risk 0.42cvss 6.5epss 0.01

    A local file inclusion vulnerability was identified in automatic1111/stable-diffusion-webui, affecting version git 82a973c. This vulnerability allows an attacker to read arbitrary files on the system by sending a specially crafted request to the application.

  • CVE-2024-12074MedMar 20, 2025
    risk 0.42cvss 6.5epss 0.01

    A Denial of Service (DoS) vulnerability was discovered in the file upload feature of automatic1111/stable-diffusion-webui version 1.10.0. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sending a payload with an…

  • CVE-2024-12374MedMar 20, 2025
    risk 0.40cvss 6.1epss 0.00

    A stored cross-site scripting (XSS) vulnerability exists in automatic1111/stable-diffusion-webui version git 82a973c. An attacker can upload an HTML file, which the application interprets as content-type application/html. If a victim accesses the malicious link, it will execute…

  • CVE-2024-11044MedMar 20, 2025
    risk 0.40cvss 6.1epss 0.01

    An open redirect vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This vulnerability can be exploited to conduct phishing attacks, distribute…

  • CVE-2024-31462MedApr 12, 2024
    risk 0.34cvss 6.3epss 0.01

    stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The create_ui method (Backup/Restore tab) in modules/ui_extensions.py takes user input…