100 matches found
CVE-2024-10267
An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. An attacker can leak sensitive user information, including names, emails, and passwords, by attempting to register a new account with an email that is already in use. The server returns all...
CVE-2024-9415
A Path Traversal vulnerability exists in the file upload functionality of transformeroptimus/superagi version 0.0.14. This vulnerability allows an attacker to upload an arbitrary file to the server, potentially leading to remote code execution or overwriting any file on the server...
CVE-2024-9447
An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. The /get/organisation/ endpoint does not verify the user's organization, allowing any authenticated user to retrieve sensitive configuration details, including API keys, of any organization. This...
CVE-2024-12048
An IDOR Insecure Direct Object Reference vulnerability exists in transformeroptimus/superagi version v0.0.14. The application fails to properly check authorization for multiple API endpoints, allowing attackers to view, edit, and delete other users' information without proper authorization...
CVE-2024-12048 IDOR Vulnerability in transformeroptimus/superagi
An IDOR Insecure Direct Object Reference vulnerability exists in transformeroptimus/superagi version v0.0.14. The application fails to properly check authorization for multiple API endpoints, allowing attackers to view, edit, and delete other users' information without proper authorization...
CVE-2024-12048 IDOR Vulnerability in transformeroptimus/superagi
An IDOR Insecure Direct Object Reference vulnerability exists in transformeroptimus/superagi version v0.0.14. The application fails to properly check authorization for multiple API endpoints, allowing attackers to view, edit, and delete other users' information without proper authorization...
CVE-2024-9447 Exposure of Sensitive Information in transformeroptimus/superagi
An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. The /get/organisation/ endpoint does not verify the user's organization, allowing any authenticated user to retrieve sensitive configuration details, including API keys, of any organization. This...
CVE-2024-9447 Exposure of Sensitive Information in transformeroptimus/superagi
An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. The /get/organisation/ endpoint does not verify the user's organization, allowing any authenticated user to retrieve sensitive configuration details, including API keys, of any organization. This...
CVE-2024-9431 Improper Privilege Management in transformeroptimus/superagi
In version v0.0.14 of transformeroptimus/superagi, there is an improper privilege management vulnerability. After logging into the system, users can change the passwords of other users, leading to potential account takeover...
CVE-2024-10267 Information Disclosure in transformeroptimus/superagi
An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. An attacker can leak sensitive user information, including names, emails, and passwords, by attempting to register a new account with an email that is already in use. The server returns all...
CVE-2024-10267 Information Disclosure in transformeroptimus/superagi
An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. An attacker can leak sensitive user information, including names, emails, and passwords, by attempting to register a new account with an email that is already in use. The server returns all...
CVE-2024-10267
The CVE-2024-10267 entry concerns transformeroptimus/superagi with an information-disclosure bug in the user registration endpoint. An attacker can leak sensitive user data (names, emails, and passwords) by attempting to register with an email already in use, causing the server to return all info...
CVE-2024-9418 Insufficiently Protected Credentials in transformeroptimus/superagi
In version 0.0.14 of transformeroptimus/superagi, the API endpoint /api/users/get/id returns the user's password in plaintext. This vulnerability allows an attacker to retrieve the password of another user, leading to potential account takeover...
CVE-2024-9418 Insufficiently Protected Credentials in transformeroptimus/superagi
In version 0.0.14 of transformeroptimus/superagi, the API endpoint /api/users/get/id returns the user's password in plaintext. This vulnerability allows an attacker to retrieve the password of another user, leading to potential account takeover...
CVE-2024-9415 Path Traversal in transformeroptimus/superagi
A Path Traversal vulnerability exists in the file upload functionality of transformeroptimus/superagi version 0.0.14. This vulnerability allows an attacker to upload an arbitrary file to the server, potentially leading to remote code execution or overwriting any file on the server...
CVE-2024-9415 Path Traversal in transformeroptimus/superagi
A Path Traversal vulnerability exists in the file upload functionality of transformeroptimus/superagi version 0.0.14. This vulnerability allows an attacker to upload an arbitrary file to the server, potentially leading to remote code execution or overwriting any file on the server...
CVE-2024-9415 Path Traversal in transformeroptimus/superagi
A Path Traversal vulnerability exists in the file upload functionality of transformeroptimus/superagi version 0.0.14. This vulnerability allows an attacker to upload an arbitrary file to the server, potentially leading to remote code execution or overwriting any file on the server...
CVE-2024-9415
CVE-2024-9415 affects transformeroptimus/superagi version 0.0.14, where a path traversal flaw in the file upload functionality allows uploading arbitrary files to the server, potentially leading to remote code execution or overwriting server files. The root cause is improper validation/sanitizati...
PT-2025-12117 · Unknown · Transformeroptimus/Superagi
Name of the Vulnerable Software and Affected Versions: transformeroptimus/superagi version v0.0.14 Description: An IDOR Insecure Direct Object Reference vulnerability exists, allowing attackers to view, edit, and delete other users' information without proper authorization. The application fails ...
PT-2025-12285 · Unknown · Transformeroptimus/Superagi
Name of the Vulnerable Software and Affected Versions: transformeroptimus/superagi affected versions not specified Description: An information disclosure issue exists due to the lack of verification of a user's organization in the /get/organisation/ endpoint, allowing any authenticated user to...