Lucene search
+L

96 matches found

Circl
Circl
added 2026/04/20 1:30 a.m.4 views

CVE-2026-6591

creationtimestamp| type| source ---|---|--- 2026-04-20 01:30:31+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mjvczbzwd32f 2026-04-20 04:28:32+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjvmxmb3x72i...

5.3CVSS5.7AI score0.00366EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/20 1:0 a.m.3 views

CVE-2026-6591 ComfyUI LoadImage Node folder_paths.py folder_paths.get_annotated_filepath path traversal

A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folderpaths.getannotatedfilepath of the file folderpaths.py of the component LoadImage Node. This manipulation of the argument Name causes path traversal. Remote exploitation of the attack is possible. The exploit has been...

5.3CVSS5.2AI score0.00366EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/20 1:0 a.m.5 views

CVE-2026-6591

A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folderpaths.getannotatedfilepath of the file folderpaths.py of the component LoadImage Node. This manipulation of the argument Name causes path traversal. Remote exploitation of the attack is possible. The exploit has been...

5.3CVSS5.2AI score0.00366EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/20 1:0 a.m.37 views

CVE-2026-6591 ComfyUI LoadImage Node folder_paths.py folder_paths.get_annotated_filepath path traversal

A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folderpaths.getannotatedfilepath of the file folderpaths.py of the component LoadImage Node. This manipulation of the argument Name causes path traversal. Remote exploitation of the attack is possible. The exploit has been...

5.3CVSS0.00366EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/02/02 11:16 p.m.4 views

CVE-2025-6591

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/api/ApiFeedContributions.Php. This issue affects MediaWiki: from before 1.39.13, 1.42.7 1.43.2, 1.44.0...

5.9AI score0.00393EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/02/02 11:2 p.m.9 views

CVE-2025-6591

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/api/ApiFeedContributions.Php. This issue affects MediaWiki: from before 1.39.13, 1.42.7 1.43.2, 1.44.0...

5.2AI score0.00393EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.13 views

EUVD-2012-6591

Malware in sbrugna...

9.3CVSS6.4AI score0.0035EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2025/07/14 12:0 a.m.4 views

MediaWiki < 1.39.13, 1.40.x < 1.42.7, 1.43.x < 1.43.2 Multiple Vulnerabilities - Windows

MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; ifdescripti...

8.8CVSS6.3AI score0.00454EPSS
Exploits0References15
OpenVAS
OpenVAS
added 2025/07/14 12:0 a.m.6 views

MediaWiki < 1.39.13, 1.40.x < 1.42.7, 1.43.x < 1.43.2 Multiple Vulnerabilities - Linux

MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; ifdescripti...

8.8CVSS6.3AI score0.00454EPSS
Exploits0References15
RedhatCVE
RedhatCVE
added 2025/05/23 8:2 a.m.7 views

CVE-2024-6591

The Ultimate WordPress Auction Plugin plugin for WordPress is vulnerable to unauthorized email creation and sending due to a missing capability check on the 'sendauctionemailcallback' and 'resendauctionemailcallback' functions in all versions up to, and including, 4.2.7. This makes it possible fo...

5.8CVSS5.9AI score0.00401EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:4 a.m.7 views

CVE-2023-6591

The Popup Box WordPress plugin before 20.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

4.8CVSS5.9AI score0.0048EPSS
Exploits3References1
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2014-6591

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown...

2.6CVSS6.8AI score0.04297EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/03 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2007-6591

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as al...

4.3CVSS5.7AI score0.00822EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/07/29 12:0 a.m.10 views

WordPress Ultimate Auction Plugin <= 4.2.67 is vulnerable to Broken Access Control

Software Ultimate Auction Type Plugin Vulnerable versions = 4.2.67 Fixed in 4.2.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-6591 Patch priority Medium CVSS severity Medium 5.8 Developer Claim ownership PSID 97fe9efdff7a Credits Lucio Sá Required...

5.8CVSS6.5AI score0.00401EPSS
Exploits0References3Affected Software1
Circl
Circl
added 2024/07/27 4:54 a.m.7 views

CVE-2024-6591

creationtimestamp| type| source ---|---|--- 2024-07-27 04:54:46+00:00| seen| https://t.me/cvedetector/1733...

5.8CVSS4.8AI score0.00401EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/07/27 1:51 a.m.10 views

CVE-2024-6591 Ultimate WordPress Auction Plugin <= 4.2.7 - Missing Authorization to Unauthenticated Email Creation

The Ultimate WordPress Auction Plugin plugin for WordPress is vulnerable to unauthorized email creation and sending due to a missing capability check on the 'sendauctionemailcallback' and 'resendauctionemailcallback' functions in all versions up to, and including, 4.2.7. This makes it possible fo...

5.8CVSS5.9AI score0.00401EPSS
Exploits0References2
Circl
Circl
added 2024/02/12 5:22 p.m.6 views

CVE-2023-6591

creationtimestamp| type| source ---|---|--- 2024-02-12 17:22:05+00:00| seen| https://t.me/ctinow/183278...

4.8CVSS4.8AI score0.0048EPSS
Exploits3References1
Vulnrichment
Vulnrichment
added 2024/02/12 4:6 p.m.9 views

CVE-2023-6591 Popup Box Pro < 20.9.0 - Admin+ Stored XSS

The Popup Box WordPress plugin before 20.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

5.6AI score0.0048EPSS
Exploits3References1
CVE
CVE
added 2024/02/12 4:6 p.m.84 views

CVE-2023-6591

CVE-2023-6591 affects the Popup Box WordPress plugin (before 20.9.0). The issue is due to inadequate sanitization/escaping of settings, enabling stored XSS that could be executed by high-privilege users (e.g., admins) even when unfiltered_html is disallowed. Connected sources describe admin+ stor...

4.8CVSS5.8AI score0.0048EPSS
Exploits3References1Affected Software1
Cvelist
Cvelist
added 2024/02/12 4:6 p.m.25 views

CVE-2023-6591 Popup Box Pro < 20.9.0 - Admin+ Stored XSS

The Popup Box WordPress plugin before 20.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

5.8AI score0.0048EPSS
Exploits3References1
Rows per page
Query Builder