Aggregates CVE and security vulnerability intelligence across all bmaltais-related products, including CVSS scores, EPSS percentages, and publication dates.
Disclosed issues often relate to path handling and command injection; exposure may include file overwrite in software deployment contexts.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-32027 | Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss v22.6.1 is vulnerable to command injection in `finetune_gui.py`. This vulnerability is fixed in 23.1.5. | [email protected] | 9.1 | 3.83% | 2024-04-16 | 2025-09-08 |
| CVE-2024-32026 | Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a command injection in `git_caption_gui.py`. This vulnerability is fixed in 23.1.5. | [email protected] | 9.1 | 3.83% | 2024-04-16 | 2025-09-08 |
| CVE-2024-32025 | Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a command injection in `group_images_gui.py`. This vulnerability is fixed in 23.1.5. | [email protected] | 9.1 | 3.73% | 2024-04-16 | 2025-09-08 |
| CVE-2024-32024 | Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a path injection in the `common_gui.py` `add_pre_postfix` function. This vulnerability is fixed in 23.1.5. | [email protected] | 6.5 | 0.29% | 2024-04-16 | 2025-09-08 |
| CVE-2024-32023 | Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a path injection in the `common_gui.py` `find_and_replace` function. This vulnerability is fixed in 23.1.5. | [email protected] | 6.5 | 0.17% | 2024-04-16 | 2025-09-08 |
| CVE-2024-32022 | Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to command injection in `basic_caption_gui.py`. This vulnerability is fixed in 23.1.5. | [email protected] | 9.1 | 3.83% | 2024-04-16 | 2025-09-19 |