Lucene search

13 matches found

Vulnrichment
added 2026/04/19 11:30 p.m. · 0 views

CVE-2026-6585 TransformerOptimus SuperAGI Organisation Update Endpoint organisation.py update_organisation authorization

A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This issue affects the function update_organisation of the file superagi/controllers/organisation.py of the component Organisation Update Endpoint. This manipulation of the argument organisationid causes authorization...

CVSS 5.5 · AI score 5.6 · EPSS 0.00014
Exploits 0 · References 4
Positive Technologies
added 2026/04/19 12:00 a.m. · 1 views

PT-2026-33654

A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This issue affects the function update_organisation of the file superagi/controllers/organisation.py of the component Organisation Update Endpoint. This manipulation of the argument organisation id causes authorization...

CVSS 5.5 · AI score 5.6 · EPSS 0.00014
Exploits 0 · References 5
NVD
added 2025/11/28 7:15 a.m. · 2 views

CVE-2025-66385

UsersController::edit in Cerebrate before 1.30 allows an authenticated non-privileged user to escalate their privileges (e.g., obtain a higher role such as admin) via the user-edit endpoint by supplying or modifying roleid or organisationid fields in the edit request...

CVSS 9.4 · EPSS 0.00052
Exploits 0 · References 3
Cvelist
added 2025/11/28 12:00 a.m. · 3 views

CVE-2025-66385

UsersController::edit in Cerebrate before 1.30 allows an authenticated non-privileged user to escalate their privileges (e.g., obtain a higher role such as admin) via the user-edit endpoint by supplying or modifying roleid or organisationid fields in the edit request...

CVSS 9.4 · EPSS 0.00052
Exploits 0 · References 3
Vulnrichment
added 2025/11/28 12:00 a.m. · 2 views

CVE-2025-66385

UsersController::edit in Cerebrate before 1.30 allows an authenticated non-privileged user to escalate their privileges (e.g., obtain a higher role such as admin) via the user-edit endpoint by supplying or modifying roleid or organisationid fields in the edit request...

CVSS 9.4 · AI score 6.6 · EPSS 0.00052
Exploits 0 · References 3
Positive Technologies
added 2025/11/28 12:00 a.m. · 2 views

PT-2025-48317

Name of the Vulnerable Software and Affected Versions: Cerebrate versions prior to 1.30. Description: The UsersController::edit function in Cerebrate allows an authenticated, non-privileged user to escalate their privileges, potentially obtaining a higher role such as administrator. This is achieved...

CVSS 9.4 · AI score 6.7 · EPSS 0.00052
Exploits 0 · References 10
RedhatCVE
added 2025/05/23 5:38 a.m. · 2 views

CVE-2023-26468

Cerebrate 1.12 does not properly consider organisationid during creation of API keys...

CVSS 9.1 · AI score 6.9 · EPSS 0.003
Exploits 0 · References 1
Veracode
added 2023/04/04 8:05 a.m. · 15 views

Information Disclosure

io.apiman: apiman-manager-api-rest-impl is vulnerable to Information Disclosure. An authenticated attacker is able to gain access to API keys they do not have permission for if they correctly guess the URL, which includes Organisation ID, Client ID, and Client Version. Access to the non-permitted...

CVSS 6.4 · AI score 4.7 · EPSS 0.00133
Exploits 0 · References 4 · Affected Software 1
Prion
added 2023/03/27 9:15 p.m. · 15 views

Design/Logic Flaw

Apiman is a flexible and open source API Management platform. Due to a missing permissions check, an attacker with an authenticated Apiman Manager account may be able to gain access to API keys they do not have permission for if they correctly guess the URL, which includes Organisation ID, Client...

CVSS 2.1 · AI score 4 · EPSS 0.00133
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2023/03/27 8:46 p.m. · 12 views

CVE-2023-28640 Permissions bypass in Apiman could enable authenticated attacker to unpermitted API Key

Apiman is a flexible and open source API Management platform. Due to a missing permissions check, an attacker with an authenticated Apiman Manager account may be able to gain access to API keys they do not have permission for if they correctly guess the URL, which includes Organisation ID, Client...

CVSS 6.4 · AI score 6.6 · EPSS 0.00133
Exploits 0 · References 2
Positive Technologies
added 2023/03/27 12:00 a.m. · 2 views

PT-2023-21868 · Apiman · Apiman

Name of the Vulnerable Software and Affected Versions: Apiman versions prior to 3.1.0.Final. Description: Due to a missing permissions check, an attacker with an authenticated Apiman Manager account may gain access to API keys they do not have permission for if they correctly guess the URL, which...

CVSS 6.4 · AI score 4.5 · EPSS 0.00133
Exploits 0 · References 7
OSV
added 2023/02/24 12:15 a.m. · 12 views

CVE-2023-26468

Cerebrate 1.12 does not properly consider organisationid during creation of API keys...

CVSS 9.1 · AI score 6.9
Exploits 0 · References 1
Positive Technologies
added 2023/02/23 12:00 a.m. · 2 views

PT-2023-20659 · Cerebrate · Cerebrate

Name of the Vulnerable Software and Affected Versions: Cerebrate version 1.12. Description: The issue arises from the improper consideration of organisation id during the creation of API keys. This could potentially lead to unauthorized access or misuse of API keys. Recommendations: For Cerebrate...

CVSS 9.1 · AI score 9 · EPSS 0.003
Exploits 0 · References 4