All 4 CVE vulnerabilities found in Diffusers, with AI-generated Chinese analysis, references, and POCs.
Vendor: Hugging Face
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-45804 | Diffusers: TOCTOU Trust Remote Code Bypass CWE-367 | 7.5 | High | 2026-07-15 |
| CVE-2026-44827 | Diffusers: None.py Trust Remote Code Bypass CWE-94 | 8.8 | High | 2026-05-14 |
| CVE-2026-44513 | Diffusers: `trust_remote_code` bypass via `custom_pipeline` and local custom components CWE-94 | 8.8 | High | 2026-05-14 |
| CVE-2025-14922 | Hugging Face Diffusers CogView4 Deserialization of Untrusted Data Remote Code Execution Vulnerability CWE-502 | 7.8AI | HighAI | 2025-12-23 |
All 4 known CVE vulnerabilities affecting Diffusers with full Chinese analysis, references, and POCs where available.