
Security Intel Hub 23479+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Stored XSS in ComfyUI /view via SVG MIME Type Blacklist Bypass
gist.github.com · 2026-04-20

### Vulnerability Overview **Title**: Stored XSS via SVG File Upload in `/view` Endpoint — Incomplete MIME Type Blacklist Bypass **Description**: - The `/view` endpoint in `server.py` attempts to prev…

Prototype Pollution in brikcss merge (CVE-2026-6594)
vuldb.com · 2026-04-20

# Vulnerability Summary: brikcss merge up to 1.3.0 __proto__/constructor.prototype/prototype Prototype Pollution ## Vulnerability Overview - **Vulnerability Name**: Prototype Pollution - **CVE ID**: C…

ComfyUI <= 0.13.0 Stored XSS via SVG MIME Type Bypass
vuldb.com · 2026-04-20

### Vulnerability Overview - **Vulnerability ID**: #79114 - **Vulnerability Name**: ComfyUI ` tags in accordance with W3C specifications. The `/upload/image` endpoint accepts `.svg` files without exte…

ComfyUI Stored XSS in /userdata Endpoint via MIME Type Bypass
gist.github.com · 2026-04-20

### Vulnerability Overview **Title**: Stored Cross-Site Scripting (Stored XSS) via `/userdata/{file}` Endpoint — Content-Type Sanitization Bypass **Description**: The `/userdata/{file}` endpoint in `a…

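The three ComfyUI SVG entries above share one root cause: a file-serving endpoint that decides "safe to render inline" with a denylist of content types, which never lists `image/svg+xml` even though browsers execute `<script>` inside an SVG. The block below is an added example written for this page, not ComfyUI's `server.py`; the header names, the `INLINE_ALLOWLIST` set and the sample SVG payload are assumptions chosen to illustrate the generalized fix (allowlist raster types, sniff the bytes, force a download with `nosniff` for everything else).

```python
import mimetypes
from pathlib import PurePosixPath

# Added example, not ComfyUI's code. Contrasts a content-type denylist for
# served uploads with an allowlist plus content sniffing.

# A denylist of "scripty" types. image/svg+xml is absent, yet browsers render
# SVG as a document and run any <script> it contains.
DENYLIST = {"text/html", "application/xhtml+xml",
            "application/javascript", "text/javascript"}

# Assumed policy: only raster images may render inline; all else is a download.
INLINE_ALLOWLIST = {"image/png", "image/jpeg", "image/gif", "image/webp"}


def guess_type(filename: str) -> str:
    """Map a filename to a MIME type by extension using the stdlib table."""
    ctype, _ = mimetypes.guess_type(filename)
    return ctype or "application/octet-stream"


def looks_like_svg(data: bytes) -> bool:
    """Content sniff for SVG markup regardless of the file extension, so a
    'photo.png' whose bytes are really an SVG document is still caught."""
    head = data.lstrip()[:512].lower()
    return head.startswith(b"<svg") or (head.startswith(b"<?xml") and b"<svg" in head)


def denylist_headers(filename: str) -> dict:
    """Weak policy: serve inline unless the extension-derived type is denied."""
    ctype = guess_type(filename)
    if ctype in DENYLIST:
        ctype = "application/octet-stream"
    return {"Content-Type": ctype, "Content-Disposition": "inline"}


def allowlist_headers(filename: str, data: bytes = b"") -> dict:
    """Hardened policy: inline only for an allowlisted raster type whose bytes
    are not SVG; otherwise force a download and disable MIME sniffing."""
    ctype = guess_type(filename)
    headers = {"X-Content-Type-Options": "nosniff"}
    if ctype in INLINE_ALLOWLIST and not looks_like_svg(data):
        headers["Content-Type"] = ctype
        headers["Content-Disposition"] = "inline"
    else:
        safe_name = PurePosixPath(filename).name.replace('"', "")
        headers["Content-Type"] = "application/octet-stream"
        headers["Content-Disposition"] = f'attachment; filename="{safe_name}"'
    return headers


if __name__ == "__main__":
    # Constructed payload for demonstration only.
    svg = b'<svg xmlns="http://www.w3.org/2000/svg"><script>alert(1)</script></svg>'
    print(denylist_headers("payload.svg"))        # inline as image/svg+xml: XSS
    print(allowlist_headers("payload.svg", svg))  # attachment, nosniff
    print(allowlist_headers("photo.png", svg))    # sniffed as SVG: attachment
```

If inline SVG rendering is a product requirement, serve it from a separate origin or add `Content-Security-Policy: sandbox` on that response so script inside it cannot reach the application's origin.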
Prototype Pollution in @brikcss/merge 1.3.0
vuldb.com · 2026-04-20

# Vulnerability Summary - **Vulnerability ID**: #791805 - **Vulnerability Name**: brikcss @brikcss/merge 1.3.0 Prototype Pollution - **Submitter**: sudome (UID 96548) - **Submission Time**: 2026-02-28…

ComfyUI <= 0.13.0 Stored XSS in /userdata/file Endpoint
vuldb.com · 2026-04-20

# Vulnerability Overview - **Vulnerability ID**: #791113 - **Vulnerability Name**: ComfyUI alert(document.domain)' # 2. Visit in browser: http://127.0.0.1:8188/userdata/test_xss.html # 3. JavaScript e…

ComfyUI CSRF Bypass and Stored XSS Chain Leading to RCE
gist.github.com · 2026-04-20

# Vulnerability Summary: ComfyUI CSRF Protection Bypass and Stored XSS Chained Attack ## Vulnerability Overview The CSRF protection middleware (`create_origin_only_middleware`) in ComfyUI has a logic …

ComfyUI Path Traversal Vulnerability in /experiment/models/preview Endpoint
gist.github.com · 2026-04-20

# Vulnerability Summary: ComfyUI Path Traversal Vulnerability ## Overview * **Vulnerability Title**: Path traversal vulnerability exists in the `/experiment/models/preview` endpoint of ComfyUI, allowi…

Serge Chat Unauthenticated Model Download Causing Disk Exhaustion
gist.github.com · 2026-04-20

### Vulnerability Overview **Title**: Unauthorized Access to All Model Management Endpoints Leads to Disk Exhaustion and Data Corruption **Description**: All model management API endpoints (`/api/mode…

ComfyUI LoadImage Path Traversal Vulnerability Analysis
gist.github.com · 2026-04-20

# Vulnerability Summary: ComfyUI Path Traversal Vulnerability ## Vulnerability Overview **Title**: Path Traversal via `LoadImage` Node in `/prompt` API **Description**: Unauthorized attackers can expl…

ComfyUI LoadImage Path Traversal Vulnerability (CVE-2026-6591) Advisory
vuldb.com · 2026-04-20

### Vulnerability Overview - **Vulnerability Name**: ComfyUI up to 0.13.0 LoadImage Node folder_paths.py folder_paths.get_annotated_filepath Name path traversal - **Vulnerability ID**: CVE-2026-6591 -…

CVE-2026-6588: Missing Authentication in serge-chat API Allows Model Download/Delete
vuldb.com · 2026-04-20

# Vulnerability Summary: serge-chat Model API Endpoint Missing Authentication ## Overview * **Vulnerability Name**: serge-chat 1.4TB Model API Endpoint `model.py` missing authentication for `download_…

serge-chat Missing Authentication for Critical Function (CVE-306)
vuldb.com · 2026-04-20

# Vulnerability Overview **CVE ID**: CVE-306 (VulDB #791089) **Vulnerability Name**: serge-chat serge <= 3cb250c Missing Authentication for Critical Function **Vulnerability Type**: Missing Authentica…

ComfyUI <= 0.13.0 CSRF Bypass via Origin Validation Error Leading to Stored XSS
vuldb.com · 2026-04-20

# Vulnerability Overview - **Vulnerability ID**: Submit #791108 - **Vulnerability Name**: comfyanonymous ComfyUI 0` to evaluate as False, thereby bypassing the CSRF check. An attacker can exploit this…

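Both ComfyUI CSRF entries (the gist on `create_origin_only_middleware` and the VulDB submission above) describe an origin-only CSRF defence whose comparison logic can be made to pass. The block below is an added example, not the ComfyUI middleware and not the specific bug those entries report; `lax_origin_check` is a hypothetical weak implementation (it treats a missing `Origin` as same-origin) placed beside a strict check that denies state-changing requests lacking provenance, rejects the literal `null` origin, and honours `Sec-Fetch-Site`. The header dictionaries are constructed inputs.

```python
from urllib.parse import urlsplit

# Added example, not ComfyUI's code. Origin validation for an API that is
# meant to be reachable only from its own UI (here assumed at 127.0.0.1:8188).

STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def lax_origin_check(method: str, headers: dict) -> bool:
    """Hypothetical weak check: a request without an Origin header is assumed
    to be same-origin, so any client that omits the header is accepted."""
    origin = headers.get("Origin")
    if not origin:
        return True
    return urlsplit(origin).netloc == headers.get("Host", "")


def strict_origin_check(method: str, headers: dict) -> bool:
    """Deny a state-changing request unless its Origin (or, failing that,
    Referer) names exactly the host:port the request was addressed to."""
    if method.upper() not in STATE_CHANGING:
        return True                       # safe methods carry no CSRF risk
    if headers.get("Sec-Fetch-Site", "").lower() == "cross-site":
        return False                      # browser already told us it is cross-site
    host = headers.get("Host", "").strip().lower()
    source = headers.get("Origin") or headers.get("Referer")
    if not host or not source:
        return False                      # no provenance: deny, never assume
    parts = urlsplit(source.strip())
    if parts.scheme not in ("http", "https"):
        return False                      # also rejects the literal "null" origin
    # Browsers omit default ports in both Host and Origin and include
    # non-default ones in both, so a verbatim netloc comparison is correct.
    return parts.netloc.lower() == host


if __name__ == "__main__":
    own = {"Host": "127.0.0.1:8188", "Origin": "http://127.0.0.1:8188"}
    foreign = {"Host": "127.0.0.1:8188", "Origin": "http://attacker.example"}
    no_origin = {"Host": "127.0.0.1:8188"}
    for name, h in [("own", own), ("foreign", foreign), ("no-origin", no_origin)]:
        print(name, lax_origin_check("POST", h), strict_origin_check("POST", h))
```

Origin checks are a defence in depth, not a replacement for a per-session CSRF token: a non-browser client can set any `Origin` it likes, and an attacker who already has script execution on the same origin (as in the stored XSS entries on this page) passes both checks.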
ComfyUI <= 0.13.0 Path Traversal Vulnerability (CWE-22) Analysis and POC
vuldb.com · 2026-04-20

# Vulnerability Summary ## Vulnerability Overview - **Vulnerability ID**: #791112 - **Vulnerability Name**: comfyanonymous ComfyUI /view to exfiltrate the image content.

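Four entries above concern path traversal in ComfyUI: the `/experiment/models/preview` endpoint, the `LoadImage` node reached through `/prompt` (CVE-2026-6591, via `folder_paths.get_annotated_filepath`), and the `/view` exfiltration write-up. The block below is an added example and is not ComfyUI's `folder_paths` code; the base directory `/srv/app/input` and the function names are assumptions. It shows the containment check that such code needs, including the `input` versus `input_evil` prefix pitfall and the separate symlink re-check once the filesystem is involved.

```python
import os
import posixpath

# Added example, not ComfyUI's code. Confine a user-supplied file name to one
# base directory. The string-level check uses posixpath so it is deterministic
# and can run before any filesystem access.


def resolve_under(base_dir: str, user_name: str) -> str:
    """Return the normalized absolute path of user_name inside base_dir, or
    raise ValueError if the name would escape it."""
    if not base_dir.startswith("/"):
        raise ValueError("base_dir must be absolute")
    if not user_name or "\x00" in user_name or user_name.startswith("/"):
        raise ValueError(f"rejected name: {user_name!r}")
    base = posixpath.normpath(base_dir)
    candidate = posixpath.normpath(posixpath.join(base, user_name))
    # commonpath compares path components, so /srv/app/input_evil is NOT
    # inside /srv/app/input (a plain str.startswith check would say it is).
    if candidate == base or posixpath.commonpath([base, candidate]) != base:
        raise ValueError(f"escapes base directory: {user_name!r}")
    return candidate


def is_contained(base_dir: str, user_name: str) -> bool:
    """Boolean wrapper around resolve_under for policy checks and tests."""
    try:
        resolve_under(base_dir, user_name)
        return True
    except ValueError:
        return False


def open_under(base_dir: str, user_name: str, mode: str = "rb"):
    """Filesystem variant: repeat the check after symlink resolution, because
    a link dropped inside base_dir (for example via an upload endpoint) can
    point anywhere on disk."""
    path = resolve_under(base_dir, user_name)
    real_base = os.path.realpath(base_dir)
    real_path = os.path.realpath(path)
    if os.path.commonpath([real_base, real_path]) != real_base:
        raise ValueError("symlink escapes base directory")
    return open(real_path, mode)


if __name__ == "__main__":
    base = "/srv/app/input"  # assumed upload directory
    for name in ["cat.png", "sub/../cat.png", "../../etc/passwd",
                 "/etc/passwd", "../input_evil/x.png", "a\x00.png", "."]:
        print(f"{name!r:28} -> {is_contained(base, name)}")
```

Annotation schemes like the `name [input]` suffix that ComfyUI's `get_annotated_filepath` parses should be split off first and the directory chosen from a fixed table; only the remaining bare name is passed to a check like `resolve_under`.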
SuperAGI IDOR Vulnerability: Arbitrary Organization Modification via PUT Endpoint
gist.github.com · 2026-04-20

# Vulnerability Summary: IDOR Allows Modifying Any Organization on the Organisation Update Endpoint ## Vulnerability Overview - **Title**: IDOR Allows Modifying Any Organization on the Organisation Up…

SuperAGI IDOR Vulnerability: Unauthorized Read/Modify of Any Organization Budgets
gist.github.com · 2026-04-20

# Vulnerability Summary: IDOR in Budget Endpoints ## Vulnerability Overview - **Title**: IDOR in Budget Endpoints Allows Reading and Modifying Any Organizations Budgets - **Description**: The budget m…

SuperAGI IDOR Vulnerability: Unauthorized Budget Access via User-Controlled Key
vuldb.com · 2026-04-20

### Vulnerability Overview - **Vulnerability ID**: #791077 - **Vulnerability Name**: SuperAGI up to c3c1982 Authorization Bypass Through User-Controlled Key (CWE-639) - **Vulnerability Type**: Insecur…

Ragas Path Traversal and SSRF via Incomplete CVE-2025-45691 Patch
vuldb.com · 2026-04-20

# Vulnerability Summary ## Overview - **Vulnerability ID**: Submit #791088 - **Vulnerability Title**: Exploding Gradients ragas latest (commit 2b38724) Path Traversal / Server-Side Request Forgery (CW…

SuperAGI API Key Management IDOR Vulnerability Analysis
gist.github.com · 2026-04-20

# Vulnerability Summary: IDOR Vulnerability in API Key Management ## Overview **Title**: IDOR Vulnerability in API Key Management Allows Deletion or Modification of Any Organization’s API Keys. **Desc…

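The four SuperAGI entries (organisation update, budget read/modify, the CWE-639 user-controlled key, and API key deletion) are the same IDOR shape: a handler loads a row by the identifier in the request and never ties it to the caller's organisation. The block below is an added example, not SuperAGI's code; the dataclasses, the `make_store` sample rows and the org/user ids are constructed to show the vulnerable lookup beside a lookup scoped to the caller, applied to both a budget update and an API key deletion.

```python
from dataclasses import dataclass

# Added example, not SuperAGI's code. Tenant-scoped row lookup versus a bare
# lookup by request-supplied id.


@dataclass
class User:
    id: int
    organisation_id: int


@dataclass
class Budget:
    id: int
    organisation_id: int
    amount: float


@dataclass
class ApiKey:
    id: int
    organisation_id: int
    name: str


class Forbidden(Exception):
    """Row is missing or belongs to another organisation."""


def make_store() -> dict:
    """Constructed sample data: organisations 100 and 200, one row of each kind."""
    return {
        "budgets": {1: Budget(1, 100, 50.0), 2: Budget(2, 200, 9000.0)},
        "api_keys": {7: ApiKey(7, 100, "ci-bot"), 8: ApiKey(8, 200, "prod-deploy")},
    }


def get_row_idor(store: dict, table: str, row_id: int, current_user: User):
    """Vulnerable: current_user is ignored; any caller reaches any row by id."""
    return store[table][row_id]


def get_row_scoped(store: dict, table: str, row_id: int, current_user: User):
    """Hardened: the row must exist AND belong to the caller's organisation.
    Missing and foreign rows raise the same error so ids cannot be enumerated."""
    row = store[table].get(row_id)
    if row is None or row.organisation_id != current_user.organisation_id:
        raise Forbidden(f"{table}/{row_id} not accessible to org {current_user.organisation_id}")
    return row


def update_budget(store, current_user, budget_id, amount, scoped=True):
    lookup = get_row_scoped if scoped else get_row_idor
    row = lookup(store, "budgets", budget_id, current_user)
    row.amount = amount
    return row


def delete_api_key(store, current_user, key_id, scoped=True):
    lookup = get_row_scoped if scoped else get_row_idor
    row = lookup(store, "api_keys", key_id, current_user)
    del store["api_keys"][key_id]
    return row.name


def outcome(fn, *args, **kwargs):
    """Run a handler and report either its result or the string 'forbidden'."""
    try:
        return fn(*args, **kwargs)
    except Forbidden:
        return "forbidden"


if __name__ == "__main__":
    alice = User(1, 100)   # member of organisation 100
    print(outcome(update_budget, make_store(), alice, 2, 1.0, scoped=False))  # org 200 modified
    print(outcome(update_budget, make_store(), alice, 2, 1.0))                # forbidden
    print(outcome(delete_api_key, make_store(), alice, 8))                    # forbidden
```

In an ORM the scoped lookup is the `WHERE id = ? AND organisation_id = ?` query (or a `filter_by(organisation_id=current_user.organisation_id)` on every query for tenant-owned tables); putting it in one shared accessor, as above, is what keeps the next endpoint from repeating the mistake.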

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
