Vuldb Updates

A vulnerability described as critical has been identified in thttpd HTTP Server up to 2.03. This affects an unknown function of the component HTTP GET Handler. Such manipulation as part of Slash Character leads to improper privilege management. This vulnerability is listed as CVE-1999-1456. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability classified as critical has been found in Sean Macguire Big Brother 1.09b/1.09c. This impacts an unknown function of the file bb-hist.sh of the component History Module. Performing a manipulation results in information disclosure. This vulnerability is cataloged as CVE-1999-1462. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Cisco IOS 11.1cc/11.1ct. Affected is an unknown function of the component Distributed Fast Switching Handler. Executing a manipulation can lead to improper privilege management. This vulnerability is registered as CVE-1999-1464. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, has been found in Cisco IOS 11.3. Affected by this vulnerability is an unknown functionality of the component Distributed Fast Switching Handler. The manipulation leads to improper privilege management. This vulnerability is documented as CVE-1999-1465. The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Microsoft Internet Explorer 4.0. Affected by this issue is some unknown functionality of the component DHTML Handler. The manipulation of the argument iframe results in improper privilege management. This vulnerability is reported as CVE-1999-1472. The attack can be launched remotely. Moreover, an exploit is present. You should upgrade the affected component.

A vulnerability has been found in Microsoft Internet Explorer 3.0.2/4.0 and classified as critical. This affects an unknown part of the component Redirect Handler. This manipulation causes information disclosure (Password). This vulnerability appears as CVE-1999-1473. The attack may be initiated remotely. In addition, an exploit is available. The affected component should be upgraded.

A vulnerability was found in Microsoft PowerPoint 95/97 and classified as critical. This vulnerability affects unknown code of the component Slide Show Handler. Such manipulation leads to improper privilege management. This vulnerability is traded as CVE-1999-1474. The attack may be launched remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Intel Pentium MMX/Override on Windows. It has been classified as problematic. This issue affects the function CMPXCHG8B. Performing a manipulation results in denial of service. This vulnerability is known as CVE-1999-1476. Attacking locally is a requirement. No exploit is available. Upgrading the affected component is recommended.

A vulnerability categorized as critical has been discovered in AMaViS Virus Scanner 0.2.0-pre4. The impacted element is an unknown function of the component Mail Handler. The manipulation results in improper privilege management. This vulnerability was named CVE-1999-1512. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability identified as critical has been detected in Sun SunOS 4.1.1/4.1.2/4.1.3/4.1.3c. This affects an unknown function of the file loadmodule/modload of the component modload. This manipulation as part of Environment Variable causes improper privilege management. The identification of this vulnerability is CVE-1999-1584. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability labeled as problematic has been found in Sun Solaris 2.0. This impacts an unknown function of the component rcS/mountall. Such manipulation leads to improper privilege management. This vulnerability is referenced as CVE-1999-1585. The attack can only be performed from a local environment. No exploit is available. Applying a patch is advised to resolve this issue.

A vulnerability marked as critical has been reported in H3C Magic B1 up to 100R004. Affected by this vulnerability is the function SetMobileAPInfoById of the file /goform/aspForm. Performing a manipulation of the argument param results in buffer overflow. This vulnerability is known as CVE-2026-6581. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as problematic was found in TransformerOptimus SuperAGI up to 0.0.14. This vulnerability affects the function update_user of the file superagi/controllers/user.py of the component User Update Endpoint. The manipulation of the argument user_id results in authorization bypass. This vulnerability was named CVE-2026-6584. The attack may be performed from remote. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as problematic, has been found in TransformerOptimus SuperAGI up to 0.0.14. This issue affects the function update_organisation of the file superagi/controllers/organisation.py of the component Organisation Update Endpoint. This manipulation of the argument organisation_id causes authorization bypass. The identification of this vulnerability is CVE-2026-6585. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as problematic has been found in TransformerOptimus SuperAGI up to 0.0.14. This affects the function delete_api_key/edit_api_key of the file superagi/controllers/api_key.py of the component API Key Management Endpoint. The manipulation leads to authorization bypass. This vulnerability is uniquely identified as CVE-2026-6583. The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, was found in TransformerOptimus SuperAGI up to 0.0.14. Impacted is the function get_budget/update_budget of the file superagi/controllers/budget.py of the component Budget Endpoint. Such manipulation leads to authorization bypass. This vulnerability is referenced as CVE-2026-6586. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability has been found in vibrantlabsai RAGAS up to 0.4.3 and classified as critical. The affected element is the function _try_process_local_file/_try_process_url of the file src/ragas/metrics/collections/multi_modal_faithfulness/util.py of the component Collections Module. Performing a manipulation of the argument retrieved_contexts results in server-side request forgery. This vulnerability is identified as CVE-2026-6587. The attack can be initiated remotely. Additionally, an exploit exists. The security patch for CVE-2025-45691 was applied to a different module only. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in ComfyUI up to 0.13.0. It has been classified as problematic. This affects the function create_origin_only_middleware of the file server.py. The manipulation leads to cross-site request forgery. This vulnerability is listed as CVE-2026-6589. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in ComfyUI up to 0.13.0. It has been declared as critical. This impacts the function get_model_preview of the file app/model_manager.py of the component Model Preview Endpoint. The manipulation results in path traversal. This vulnerability is cataloged as CVE-2026-6590. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in ComfyUI up to 0.13.0. It has been rated as critical. Affected is the function folder_paths.get_annotated_filepath of the file folder_paths.py of the component LoadImage Node. This manipulation of the argument Name causes path traversal. This vulnerability is registered as CVE-2026-6591. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.