|
1181
|
5.4 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in TransformerOptimus SuperAGI up to 0.0.14. This vulnerability affects the function update_user of the file superagi/controllers/user.py of the component User Update Endpoi…
|
CWE-285
CWE-639
Improper Authorization
Authorization Bypass Through User-Controlled Key
|
CVE-2026-6584
|
2026-04-23 05:22 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1182
|
5.4 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This issue affects the function update_organisation of the file superagi/controllers/organisation.py of the component Organ…
|
CWE-285
CWE-639
Improper Authorization
Authorization Bypass Through User-Controlled Key
|
CVE-2026-6585
|
2026-04-23 05:22 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1183
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Impacted is the function get_budget/update_budget of the file superagi/controllers/budget.py of the component Budget Endpoi…
|
CWE-285
CWE-639
Improper Authorization
Authorization Bypass Through User-Controlled Key
|
CVE-2026-6586
|
2026-04-23 05:22 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1184
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in vibrantlabsai RAGAS up to 0.4.3. The affected element is the function _try_process_local_file/_try_process_url of the file src/ragas/metrics/collections/multi_m…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-6587
|
2026-04-23 05:22 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1185
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in serge-chat serge up to 1.4TB. The impacted element is the function download_model/delete_model of the file api/src/serge/routers/model.py of the component Model API …
|
CWE-287
CWE-306
Improper Authentication
Missing Authentication for Critical Function
|
CVE-2026-6588
|
2026-04-23 05:22 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1186
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in ComfyUI up to 0.13.0. This affects the function create_origin_only_middleware of the file server.py. The manipulation leads to cross-site request forgery…
|
CWE-352
CWE-862
Origin Validation Error
Missing Authorization
|
CVE-2026-6589
|
2026-04-23 05:22 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1187
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in ComfyUI up to 0.13.0. This impacts the function get_model_preview of the file app/model_manager.py of the component Model Preview Endpoint. The manipulation results in…
|
CWE-22
Path Traversal
|
CVE-2026-6590
|
2026-04-23 05:22 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1188
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folder_paths.get_annotated_filepath of the file folder_paths.py of the component LoadImage Node. This manipulation of the argum…
|
CWE-22
Path Traversal
|
CVE-2026-6591
|
2026-04-23 05:22 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1189
|
3.5 |
LOW
Network
|
-
|
-
|
A vulnerability has been found in ComfyUI up to 0.13.0. Affected by this vulnerability is the function getuserdata of the file app/user_manager.py of the component userdata Endpoint. Such manipulatio…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-6592
|
2026-04-23 05:22 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1190
|
3.5 |
LOW
Network
|
-
|
-
|
A vulnerability was found in ComfyUI up to 0.13.0. Affected by this issue is some unknown functionality of the file server.py of the component View Endpoint. Performing a manipulation results in cros…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-6593
|
2026-04-23 05:22 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
