CVE Vulnerabilities - 20 April 2026

11 vulnerabilities published on 20 April 2026

Severity:
Brikcss Merge (up to 1.3.0) Allows Remote Attackers to Modify Object Attributes
CVE-2026-6594
A security issue in Brikcss Merge versions 1.3.0 and earlier allows hackers to remotely manipulate certain parts of the software. This could lead to unexpected behavior or compromised data. Update to ...
6.9
Serge API Model Endpoint Missing Authentication Risk
CVE-2026-6588
A security weakness in Serge API Model Endpoint can allow attackers to bypass authentication and access sensitive data remotely. This vulnerability has been made publicly available and can be exploite...
6.9
Vibrantlabsai RAGAS allows remote attackers to forge server requests
CVE-2026-6587
A security flaw in vibrantlabsai RAGAS version 0.4.3 or earlier allows an attacker to trick the system into making unauthorized requests on behalf of the server. This could be used to access sensitive...
5.3
TransformerOptimus SuperAGI Allows Unauthorized Access to Budget Data
CVE-2026-6586
A security issue in TransformerOptimus SuperAGI allows an attacker to bypass authorization checks and potentially access budget data without permission. This could happen if an attacker exploits a pub...
5.3
TransformerOptimus SuperAGI update_organisation function allows unauthorized access
CVE-2026-6585
A security issue in TransformerOptimus SuperAGI versions up to 0.0.14 allows attackers to bypass authorization controls for updating organisation data. This means an attacker can potentially make chan...
5.3
TransformerOptimus SuperAGI allows unauthorized access to user data
CVE-2026-6584
A weakness in TransformerOptimus SuperAGI, a popular AI software, allows an attacker to access user data without proper authorization. This means someone with malicious intent can potentially gain acc...
5.3
ComfyUI: Malicious files can be accessed by attackers
CVE-2026-6591
A vulnerability in ComfyUI versions up to 0.13.0 allows an attacker to access files outside of their intended path. This could lead to unauthorized access to sensitive information. Update ComfyUI to t...
5.3
ComfyUI Model Preview Endpoint Allows Remote Path Traversal
CVE-2026-6590
A flaw in ComfyUI version 0.13.0 and earlier allows attackers to access unintended files on the server. This could lead to sensitive data being exposed or malicious code being executed. Update to the ...
5.3
ComfyUI Vulnerability: Cross-Site Request Forgery Possible
CVE-2026-6589
ComfyUI versions up to 0.13.0 are vulnerable to a cross-site request forgery attack, which can be initiated remotely. This means that an attacker could potentially trick users into performing unintend...
5.3
ComfyUI 0.13.0 Allows Remote Cross-Site Scripting
CVE-2026-6593
A bug in the View Endpoint of ComfyUI's server.py file can be exploited remotely, allowing an attacker to inject malicious code. This can be done by manipulating the affected functionality, and exploi...
5.1
ComfyUI: User Data Exposed to Attack via Malicious Code Injection
CVE-2026-6592
A security flaw in ComfyUI's user data management system allows an attacker to inject malicious code, potentially stealing or manipulating sensitive user information. This could happen if you're using...
5.1