96 matches found
CVE-2026-6591
creationtimestamp| type| source ---|---|--- 2026-04-20 01:30:31+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mjvczbzwd32f 2026-04-20 04:28:32+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjvmxmb3x72i...
CVE-2026-6591 ComfyUI LoadImage Node folder_paths.py folder_paths.get_annotated_filepath path traversal
A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folderpaths.getannotatedfilepath of the file folderpaths.py of the component LoadImage Node. This manipulation of the argument Name causes path traversal. Remote exploitation of the attack is possible. The exploit has been...
CVE-2026-6591
A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folderpaths.getannotatedfilepath of the file folderpaths.py of the component LoadImage Node. This manipulation of the argument Name causes path traversal. Remote exploitation of the attack is possible. The exploit has been...
CVE-2026-6591 ComfyUI LoadImage Node folder_paths.py folder_paths.get_annotated_filepath path traversal
A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folderpaths.getannotatedfilepath of the file folderpaths.py of the component LoadImage Node. This manipulation of the argument Name causes path traversal. Remote exploitation of the attack is possible. The exploit has been...
CVE-2025-6591
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/api/ApiFeedContributions.Php. This issue affects MediaWiki: from before 1.39.13, 1.42.7 1.43.2, 1.44.0...
CVE-2025-6591
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/api/ApiFeedContributions.Php. This issue affects MediaWiki: from before 1.39.13, 1.42.7 1.43.2, 1.44.0...
EUVD-2012-6591
Malware in sbrugna...
MediaWiki < 1.39.13, 1.40.x < 1.42.7, 1.43.x < 1.43.2 Multiple Vulnerabilities - Windows
MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; ifdescripti...
MediaWiki < 1.39.13, 1.40.x < 1.42.7, 1.43.x < 1.43.2 Multiple Vulnerabilities - Linux
MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; ifdescripti...
CVE-2024-6591
The Ultimate WordPress Auction Plugin plugin for WordPress is vulnerable to unauthorized email creation and sending due to a missing capability check on the 'sendauctionemailcallback' and 'resendauctionemailcallback' functions in all versions up to, and including, 4.2.7. This makes it possible fo...
CVE-2023-6591
The Popup Box WordPress plugin before 20.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
Linux Distros Unpatched Vulnerability : CVE-2014-6591
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown...
Linux Distros Unpatched Vulnerability : CVE-2007-6591
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as al...
WordPress Ultimate Auction Plugin <= 4.2.67 is vulnerable to Broken Access Control
Software Ultimate Auction Type Plugin Vulnerable versions = 4.2.67 Fixed in 4.2.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-6591 Patch priority Medium CVSS severity Medium 5.8 Developer Claim ownership PSID 97fe9efdff7a Credits Lucio Sá Required...
CVE-2024-6591
creationtimestamp| type| source ---|---|--- 2024-07-27 04:54:46+00:00| seen| https://t.me/cvedetector/1733...
CVE-2024-6591 Ultimate WordPress Auction Plugin <= 4.2.7 - Missing Authorization to Unauthenticated Email Creation
The Ultimate WordPress Auction Plugin plugin for WordPress is vulnerable to unauthorized email creation and sending due to a missing capability check on the 'sendauctionemailcallback' and 'resendauctionemailcallback' functions in all versions up to, and including, 4.2.7. This makes it possible fo...
CVE-2023-6591
creationtimestamp| type| source ---|---|--- 2024-02-12 17:22:05+00:00| seen| https://t.me/ctinow/183278...
CVE-2023-6591 Popup Box Pro < 20.9.0 - Admin+ Stored XSS
The Popup Box WordPress plugin before 20.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2023-6591
CVE-2023-6591 affects the Popup Box WordPress plugin (before 20.9.0). The issue is due to inadequate sanitization/escaping of settings, enabling stored XSS that could be executed by high-privilege users (e.g., admins) even when unfiltered_html is disallowed. Connected sources describe admin+ stor...
CVE-2023-6591 Popup Box Pro < 20.9.0 - Admin+ Stored XSS
The Popup Box WordPress plugin before 20.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...