Showing 37 - 48 of 265 resources
Don’t Get Too Comfortable: Hacking ComfyUI Through Custom Nodes
This research focuses on ComfyUI, a popular stable diffusion platform with over 1,300 custom node extensions available. Through real-world examples, we demonstrate how even seemingly minor vulnerabilities in custom nodes can lead to full server compromise and explore practical strategies for securing applications that rely on third-party plugin ecosystems to minimize these risks.
Remote Code Execution with Spring Boot 3.4.0 Properties
this article introduces two methods for leveraging Logback configuration to achieve Remote Code Execution (RCE) in Spring Boot applications. These techniques are effective on the latest version of Spring Boot, with the second approach requiring no additional dependencies.