Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
5.1 MEDIUM
CVE-2026-6593 — ComfyUI View Endpoint server.py cross site scripting

A vulnerability was found in ComfyUI up to 0.13.0. Affected by this issue is some unknown functionality of the file server.py of the component View Endpoint. Performing a manipulation results in cros…

Remote | Cross-Site Scripting
Apr 20, 2026 Apr 20, 2026
Apr 20, 2026
Apr 20, 2026
5.1 MEDIUM
CVE-2026-6592 — ComfyUI userdata Endpoint user_manager.py getuserdata cross site scripting

A vulnerability has been found in ComfyUI up to 0.13.0. Affected by this vulnerability is the function getuserdata of the file app/user_manager.py of the component userdata Endpoint. Such manipulatio…

Remote | Cross-Site Scripting
Apr 20, 2026 Apr 20, 2026
Apr 20, 2026
Apr 20, 2026
5.3 MEDIUM
CVE-2026-6591 — ComfyUI LoadImage Node folder_paths.py folder_paths.get_annotated_filepath path traversal

A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folder_paths.get_annotated_filepath of the file folder_paths.py of the component LoadImage Node. This manipulation of the argum…

Remote | Path Traversal
Apr 20, 2026 Apr 20, 2026
Apr 20, 2026
Apr 20, 2026
5.3 MEDIUM
CVE-2026-6590 — ComfyUI Model Preview Endpoint model_manager.py get_model_preview path traversal

A vulnerability was detected in ComfyUI up to 0.13.0. This impacts the function get_model_preview of the file app/model_manager.py of the component Model Preview Endpoint. The manipulation results in…

Remote | Path Traversal
Apr 20, 2026 Apr 20, 2026
Apr 20, 2026
Apr 20, 2026
5.3 MEDIUM
CVE-2026-6589 — ComfyUI server.py create_origin_only_middleware cross-site request forgery

A security vulnerability has been detected in ComfyUI up to 0.13.0. This affects the function create_origin_only_middleware of the file server.py. The manipulation leads to cross-site request forgery…

Remote | Cross-Site Request Forgery
Apr 20, 2026 Apr 20, 2026
Apr 20, 2026
Apr 20, 2026
6.9 MEDIUM
CVE-2026-6588 — serge-chat serge Model API Endpoint model.py delete_model missing authentication

A weakness has been identified in serge-chat serge up to 1.4TB. The impacted element is the function download_model/delete_model of the file api/src/serge/routers/model.py of the component Model API …

Remote | Authentication
Apr 20, 2026 Apr 20, 2026
Apr 20, 2026
Apr 20, 2026
6.5 MEDIUM
CVE-2026-6587 — vibrantlabsai RAGAS Collections util.py _try_process_url server-side request forgery

A security flaw has been discovered in vibrantlabsai RAGAS up to 0.4.3. The affected element is the function _try_process_local_file/_try_process_url of the file src/ragas/metrics/collections/multi_m…

Remote | Server-Side Request Forgery
Apr 20, 2026 Apr 20, 2026
Apr 20, 2026
Apr 20, 2026
6.5 MEDIUM
CVE-2026-6586 — TransformerOptimus SuperAGI Budget Endpoint budget.py update_budget authorization

A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Impacted is the function get_budget/update_budget of the file superagi/controllers/budget.py of the component Budget Endpoi…

Remote | Authorization
Apr 20, 2026 Apr 20, 2026
Apr 20, 2026
Apr 20, 2026
5.5 MEDIUM
CVE-2026-6585 — TransformerOptimus SuperAGI Organisation Update Endpoint organisation.py update_organisat…

A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This issue affects the function update_organisation of the file superagi/controllers/organisation.py of the component Organ…

Remote | Authorization
Apr 20, 2026 Apr 20, 2026
Apr 20, 2026
Apr 20, 2026
5.5 MEDIUM
CVE-2026-6584 — TransformerOptimus SuperAGI User Update Endpoint user.py update_user authorization

A vulnerability was found in TransformerOptimus SuperAGI up to 0.0.14. This vulnerability affects the function update_user of the file superagi/controllers/user.py of the component User Update Endpoi…

Remote | Authorization
Apr 20, 2026 Apr 20, 2026
Apr 20, 2026
Apr 20, 2026
5.5 MEDIUM
CVE-2026-6583 — TransformerOptimus SuperAGI API Key Management Endpoint api_key.py edit_api_key authoriza…

A vulnerability has been found in TransformerOptimus SuperAGI up to 0.0.14. This affects the function delete_api_key/edit_api_key of the file superagi/controllers/api_key.py of the component API Key …

Remote | Authorization
Apr 19, 2026 Apr 19, 2026
Apr 19, 2026
Apr 19, 2026
7.5 HIGH
CVE-2026-6582 — TransformerOptimus SuperAGI Vector Database Management Endpoint vector_dbs.py get_vector_…

A flaw has been found in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function get_vector_db_details of the file superagi/controllers/vector_dbs.py of the component Vector …

Remote | Authentication
Apr 19, 2026 Apr 19, 2026
Apr 19, 2026
Apr 19, 2026
9.0 HIGH
CVE-2026-6581 — H3C Magic B1 aspForm SetMobileAPInfoById buffer overflow

A vulnerability was detected in H3C Magic B1 up to 100R004. Affected by this vulnerability is the function SetMobileAPInfoById of the file /goform/aspForm. Performing a manipulation of the argument p…

Remote | Memory Corruption
Apr 19, 2026 Apr 19, 2026
Apr 19, 2026
Apr 19, 2026
7.5 HIGH
CVE-2026-6580 — liangliangyy DjangoBlog Amap API Call views.py hard-coded key

A security vulnerability has been detected in liangliangyy DjangoBlog up to 2.1.0.0. Affected is an unknown function of the file owntracks/views.py of the component Amap API Call Handler. Such manipu…

Remote | Cryptography
Apr 19, 2026 Apr 19, 2026
Apr 19, 2026
Apr 19, 2026
6.9 MEDIUM
CVE-2026-6579 — liangliangyy DjangoBlog Clean Endpoint views.py missing authentication

A weakness has been identified in liangliangyy DjangoBlog up to 2.1.0.0. This impacts an unknown function of the file blog/views.py of the component Clean Endpoint. This manipulation causes missing a…

Remote | Authentication
Apr 19, 2026 Apr 19, 2026
Apr 19, 2026
Apr 19, 2026
6.3 MEDIUM
CVE-2026-6578 — liangliangyy DjangoBlog Setting settings.py hard-coded credentials

A security flaw has been discovered in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component Setting Handler. The manipulation of…

Remote | Misconfiguration
Apr 19, 2026 Apr 19, 2026
Apr 19, 2026
Apr 19, 2026
7.5 HIGH
CVE-2026-6577 — liangliangyy DjangoBlog logtracks Endpoint views.py missing authentication

A vulnerability was identified in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file owntracks/views.py of the component logtracks Endpoint. The manipulati…

Remote | Authentication
Apr 19, 2026 Apr 19, 2026
Apr 19, 2026
Apr 19, 2026
6.5 MEDIUM
CVE-2026-6576 — liangliangyy DjangoBlog WeChat Bot commonapi.py CommandHandler command injection

A vulnerability was determined in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function CommandHandler of the file servermanager/api/commonapi.py of the component WeChat Bot Int…

Remote | Injection
Apr 19, 2026 Apr 19, 2026
Apr 19, 2026
Apr 19, 2026
7.5 HIGH
CVE-2026-6574 — osuuu LightPicture API Upload Endpoint lp.sql hard-coded credentials

A vulnerability has been found in osuuu LightPicture up to 1.2.2. This issue affects some unknown processing of the file /public/install/lp.sql of the component API Upload Endpoint. Such manipulation…

lightpicture | Remote | Authentication
Apr 19, 2026 Apr 19, 2026
Apr 19, 2026
Apr 19, 2026
6.5 MEDIUM
CVE-2026-6573 — PHPEMS Instant Exam Creation exams.master.php temppage server-side request forgery

A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of t…

phpems | Remote | Server-Side Request Forgery
Apr 19, 2026 Apr 19, 2026
Apr 19, 2026
Apr 19, 2026
Showing 20 of 6018 Results