CVE-2026-6590 ComfyUI Model Preview Endpoint model_manager.py get_model_preview path traversal
A vulnerability was detected in ComfyUI up to 0.13.0. This impacts the function get_model_preview of the file app/model_manager.py of the component Model Preview Endpoint. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used. The...
MediaWiki < 1.39.13, 1.40.x < 1.42.7, 1.43.x < 1.43.2 Multiple Vulnerabilities - Windows
MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; ifdescripti...
MediaWiki < 1.39.13, 1.40.x < 1.42.7, 1.43.x < 1.43.2 Multiple Vulnerabilities - Linux
MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; ifdescripti...
CVE-2024-6590
The Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Also, Display Google sheet as a Table. plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to...
CVE-2020-6590
Forcepoint Web Security Content Gateway versions prior to 8.5.4 improperly process XML input, leading to information disclosure...
CVE-2024-6590 Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Also, Display Google sheet as a Table. <= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Settings Update
The Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Also, Display Google sheet as a Table. plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to...
WordPress Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Plugin <= 3.8.0 is vulnerable to Broken Access Control
Software: Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins.; Type: Plugin; Vulnerable versions: <= 3.8.0; Fixed in: 3.8.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-6590; Patch priority: Medium; CVSS severi...
Oracle Linux 9 : mysql (ELSA-2022-6590)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-6590 advisory. 8.0.30-3 - Release bump for rebuild 8.0.30-1 - Update to MySQL 8.0.30 - Remove patches now upstream: chain certs, OpenSSL 3, s390 and robin hood - Add ...
RHEL 9 : mysql (RHSA-2022:6590)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6590 advisory. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and...
CVE-2020-6590
CVE-2020-6590 affects Forcepoint Web Security Content Gateway versions prior to 8.5.4, where improper processing of XML input leads to information disclosure. The issue is rooted in XML handling (XML input processing) and can be triggered remotely over the network with low attack complexity; no u...
CVE-2016-6590
A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec IT Management Suite 8.0 prior to 8.0 HF4 and Suite 7.6 prior to 7.6 HF7, Symantec Ghost Solution Suite 3.1 prior to 3.1 MP4, Symantec Endpoint Virtualization 7.x prior to 7.6 HF7, and Symantec...
CVE-2016-6590
The CVE-2016-6590 issue is a local privilege-escalation caused by loading DLLs during boot/reboot without absolute paths in multiple Symantec products. Affected: IT Management Suite 8.0 (before HF4), ITMS 7.6 (before HF7); Ghost Solution Suite 3.1 (before MP4); Endpoint Virtualization 7.x (before...
CVE-2019-6590
On BIG-IP LTM 13.0.0 to 13.0.1 and 12.1.0 to 12.1.3.6, under certain conditions, the TMM may consume excessive resources when processing SSL Session ID Persistence traffic...
CVE-2019-6590
CVE-2019-6590 affects BIG-IP LTM (TMM) where SSL Session ID Persistence processing can trigger excessive resource use, leading to a denial-of-service. Affected: BIG-IP LTM 13.0.0–13.0.1 and 12.1.0–12.1.3.6. Root cause: TMM resource exhaustion under certain conditions. Impact: potential memory exh...
F5 Networks BIG-IP : TMM vulnerability (K55101404)
Under certain conditions, the TMM may consume excessive resources when processing SSL Session ID Persistence traffic. CVE-2019-6590 Impact BIG-IP This vulnerability may result in a denial-of-service (DoS) attack on the affected BIG-IP system when the system consumes excessive memory resources. This...
CVE-2018-6590
CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting vulnerability...
CVE-2018-6590
CA API Developer Portal 4.x (before 4.2.5.3 and before 4.2.7.1) has a reflected cross-site scripting vulnerability. Root cause described as failure to filter HTML in user input; could allow remote attacker to execute arbitrary script in the user’s browser. Remediation: upgrade to 4.2.5.3+ or 4.2....
Cross site request forgery (csrf)
/LoadFrame in Zoho ManageEngine AD Manager Plus build 6590 - 6613 allows attackers to conduct URL Redirection attacks via the src parameter, resulting in a bypass of CSRF protection, or potentially masquerading a malicious URL as trusted...