Lucene search
K

100 matches found

RedhatCVE
RedhatCVE
added 2025/03/22 12:0 p.m.6 views

CVE-2024-10267

An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. An attacker can leak sensitive user information, including names, emails, and passwords, by attempting to register a new account with an email that is already in use. The server returns all...

7.5CVSS6.3AI score0.0058EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/22 11:57 a.m.8 views

CVE-2024-9415

A Path Traversal vulnerability exists in the file upload functionality of transformeroptimus/superagi version 0.0.14. This vulnerability allows an attacker to upload an arbitrary file to the server, potentially leading to remote code execution or overwriting any file on the server...

8.8CVSS8AI score0.01332EPSS
Exploits1References1
NVD
NVD
added 2025/03/20 10:15 a.m.14 views

CVE-2024-9447

An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. The /get/organisation/ endpoint does not verify the user's organization, allowing any authenticated user to retrieve sensitive configuration details, including API keys, of any organization. This...

6.5CVSS0.00567EPSS
Exploits1References1
NVD
NVD
added 2025/03/20 10:15 a.m.9 views

CVE-2024-12048

An IDOR Insecure Direct Object Reference vulnerability exists in transformeroptimus/superagi version v0.0.14. The application fails to properly check authorization for multiple API endpoints, allowing attackers to view, edit, and delete other users' information without proper authorization...

8.8CVSS0.00685EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:11 a.m.5 views

CVE-2024-12048 IDOR Vulnerability in transformeroptimus/superagi

An IDOR Insecure Direct Object Reference vulnerability exists in transformeroptimus/superagi version v0.0.14. The application fails to properly check authorization for multiple API endpoints, allowing attackers to view, edit, and delete other users' information without proper authorization...

8.8CVSS8.6AI score0.00685EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/20 10:11 a.m.10 views

CVE-2024-12048 IDOR Vulnerability in transformeroptimus/superagi

An IDOR Insecure Direct Object Reference vulnerability exists in transformeroptimus/superagi version v0.0.14. The application fails to properly check authorization for multiple API endpoints, allowing attackers to view, edit, and delete other users' information without proper authorization...

8.8CVSS0.00685EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:10 a.m.7 views

CVE-2024-9447 Exposure of Sensitive Information in transformeroptimus/superagi

An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. The /get/organisation/ endpoint does not verify the user's organization, allowing any authenticated user to retrieve sensitive configuration details, including API keys, of any organization. This...

6.5CVSS6.2AI score0.00567EPSS
Exploits1References1
OSV
OSV
added 2025/03/20 10:10 a.m.4 views

CVE-2024-9447 Exposure of Sensitive Information in transformeroptimus/superagi

An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. The /get/organisation/ endpoint does not verify the user's organization, allowing any authenticated user to retrieve sensitive configuration details, including API keys, of any organization. This...

6.5CVSS6.6AI score0.00567EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/03/20 10:9 a.m.13 views

CVE-2024-9431 Improper Privilege Management in transformeroptimus/superagi

In version v0.0.14 of transformeroptimus/superagi, there is an improper privilege management vulnerability. After logging into the system, users can change the passwords of other users, leading to potential account takeover...

6.5CVSS0.00583EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:9 a.m.4 views

CVE-2024-10267 Information Disclosure in transformeroptimus/superagi

An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. An attacker can leak sensitive user information, including names, emails, and passwords, by attempting to register a new account with an email that is already in use. The server returns all...

7.5CVSS7.2AI score0.0058EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/20 10:9 a.m.9 views

CVE-2024-10267 Information Disclosure in transformeroptimus/superagi

An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. An attacker can leak sensitive user information, including names, emails, and passwords, by attempting to register a new account with an email that is already in use. The server returns all...

7.5CVSS0.0058EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:9 a.m.45 views

CVE-2024-10267

The CVE-2024-10267 entry concerns transformeroptimus/superagi with an information-disclosure bug in the user registration endpoint. An attacker can leak sensitive user data (names, emails, and passwords) by attempting to register with an email already in use, causing the server to return all info...

7.5CVSS7.2AI score0.0058EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/20 10:9 a.m.8 views

CVE-2024-9418 Insufficiently Protected Credentials in transformeroptimus/superagi

In version 0.0.14 of transformeroptimus/superagi, the API endpoint /api/users/get/id returns the user's password in plaintext. This vulnerability allows an attacker to retrieve the password of another user, leading to potential account takeover...

6.5CVSS6.5AI score0.00561EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/20 10:9 a.m.10 views

CVE-2024-9418 Insufficiently Protected Credentials in transformeroptimus/superagi

In version 0.0.14 of transformeroptimus/superagi, the API endpoint /api/users/get/id returns the user's password in plaintext. This vulnerability allows an attacker to retrieve the password of another user, leading to potential account takeover...

6.5CVSS0.00561EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:9 a.m.7 views

CVE-2024-9415 Path Traversal in transformeroptimus/superagi

A Path Traversal vulnerability exists in the file upload functionality of transformeroptimus/superagi version 0.0.14. This vulnerability allows an attacker to upload an arbitrary file to the server, potentially leading to remote code execution or overwriting any file on the server...

8.8CVSS9AI score0.01332EPSS
Exploits1References1
OSV
OSV
added 2025/03/20 10:9 a.m.1 views

CVE-2024-9415 Path Traversal in transformeroptimus/superagi

A Path Traversal vulnerability exists in the file upload functionality of transformeroptimus/superagi version 0.0.14. This vulnerability allows an attacker to upload an arbitrary file to the server, potentially leading to remote code execution or overwriting any file on the server...

8.8CVSS7.9AI score0.01332EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/03/20 10:9 a.m.12 views

CVE-2024-9415 Path Traversal in transformeroptimus/superagi

A Path Traversal vulnerability exists in the file upload functionality of transformeroptimus/superagi version 0.0.14. This vulnerability allows an attacker to upload an arbitrary file to the server, potentially leading to remote code execution or overwriting any file on the server...

8.8CVSS0.01332EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:9 a.m.46 views

CVE-2024-9415

CVE-2024-9415 affects transformeroptimus/superagi version 0.0.14, where a path traversal flaw in the file upload functionality allows uploading arbitrary files to the server, potentially leading to remote code execution or overwriting server files. The root cause is improper validation/sanitizati...

8.8CVSS9AI score0.01332EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.4 views

PT-2025-12117 · Unknown · Transformeroptimus/Superagi

Name of the Vulnerable Software and Affected Versions: transformeroptimus/superagi version v0.0.14 Description: An IDOR Insecure Direct Object Reference vulnerability exists, allowing attackers to view, edit, and delete other users' information without proper authorization. The application fails ...

8.8CVSS8.6AI score0.00685EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.4 views

PT-2025-12285 · Unknown · Transformeroptimus/Superagi

Name of the Vulnerable Software and Affected Versions: transformeroptimus/superagi affected versions not specified Description: An information disclosure issue exists due to the lack of verification of a user's organization in the /get/organisation/ endpoint, allowing any authenticated user to...

6.5CVSS6.2AI score0.00567EPSS
Exploits1References5
Rows per page
Query Builder