6.9
CVE-2026-6594 - brikcss merge prototype pollution
A vulnerability was determined in brikcss merge up to 1.3.0. This affects an unknown part. Executing a manipulation of the argument __proto__/constructor.prototype/prototype can lead to improperly controlled modification of object prototype attributes. The attack may be performed from remote. The vβ¦
5.1
CVE-2026-6593 - ComfyUI View Endpoint server.py cross site scripting
A vulnerability was found in ComfyUI up to 0.13.0. Affected by this issue is some unknown functionality of the file server.py of the component View Endpoint. Performing a manipulation results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made publiβ¦
5.1
CVE-2026-6592 - ComfyUI userdata Endpoint user_manager.py getuserdata cross site scripting
A vulnerability has been found in ComfyUI up to 0.13.0. Affected by this vulnerability is the function getuserdata of the file app/user_manager.py of the component userdata Endpoint. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosedβ¦
5.3
CVE-2026-6591 - ComfyUI LoadImage Node folder_paths.py folder_paths.get_annotated_filepath path traversal
A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folder_paths.get_annotated_filepath of the file folder_paths.py of the component LoadImage Node. This manipulation of the argument Name causes path traversal. Remote exploitation of the attack is possible. The exploit has been β¦
5.3
CVE-2026-6590 - ComfyUI Model Preview Endpoint model_manager.py get_model_preview path traversal
A vulnerability was detected in ComfyUI up to 0.13.0. This impacts the function get_model_preview of the file app/model_manager.py of the component Model Preview Endpoint. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used. Theβ¦
5.3
CVE-2026-6589 - ComfyUI server.py create_origin_only_middleware cross-site request forgery
A security vulnerability has been detected in ComfyUI up to 0.13.0. This affects the function create_origin_only_middleware of the file server.py. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. Theβ¦
6.9
CVE-2026-6588 - serge-chat serge Model API Endpoint model.py delete_model missing authentication
A weakness has been identified in serge-chat serge up to 1.4TB. The impacted element is the function download_model/delete_model of the file api/src/serge/routers/model.py of the component Model API Endpoint. Executing a manipulation can lead to missing authentication. The attack can be launched reβ¦
5.3
CVE-2026-6587 - vibrantlabsai RAGAS Collections util.py _try_process_url server-side request forgery
A security flaw has been discovered in vibrantlabsai RAGAS up to 0.4.3. The affected element is the function _try_process_local_file/_try_process_url of the file src/ragas/metrics/collections/multi_modal_faithfulness/util.py of the component Collections Module. Performing a manipulation of the arguβ¦
6.5
CVE-2026-29647 - OpenXiangShan NEMU Cross-Context IMSIC State Leakage
In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code to access IMSIC state via stopei/vstopei CSRs even when mstateen0.IMSIC is cleared, potentially enabling cross-context information leakage or disruption of interrupt handling.
4.3
CVE-2026-41285 - Infinite Loop in OpenBSD SLAACD and RAD Daemons Due to Zero-Length ICMPv6 ND Option
In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted ICMPv6 Neighbor Discovery (ND) option (over a local network) with length zero, because of an "nd_opt_len * 8 - 2" expression with no preceding check for whether nd_opt_len is zero.