21 matches found
Microsoft Entra Agent ID Flaw Enabled Tenant Takeover via Privilege Escalation
Microsoft Entra Agent ID flaw allowed privilege escalation and tenant takeover via Service Principal abuse, now fully patched by Microsoft...
CVE-2026-6613
A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function deleteagent/stopschedule/getscheduledata of the file superagi/controllers/agent.py. The manipulation of the argument agentid leads to authorization bypass. The attack is possible to be carried out...
SuperAGI 安全漏洞
SuperAGI is an open-source infrastructure application developed by SuperAGI. It is used to build components, tools, frameworks, and models to achieve open-source AGI. Versions of SuperAGI 0.0.14 and earlier contain security vulnerabilities. These vulnerabilities stem from incorrect handling of th...
CVE-2026-1664
Summary: CVE-2026-1664 affects Cloudflare Agents SDK prior to 0.3.7, due to an IDOR in header-based email routing. Root cause: createHeaderBasedEmailResolver() parses Message-ID and References to derive target agentName/agentId without cryptographic/origin verification, letting external headers s...
CVE-2025-69517
An HTML injection vulnerability in Amidaware Inc Tactical RMM v1.3.1 and earlier allows authenticated users to inject arbitrary HTML content during the creation of a new agent via the POST /api/v3/newagent/ endpoint. The agentid parameter accepts up to 255 characters and is improperly sanitized...
EUVD-2021-13869
Malware in sbrugna...
Projectworlds Life Insurance Management System 注入漏洞
Projectworlds Life Insurance Management System is a life insurance management system from Projectworlds India. An injection vulnerability exists in Projectworlds Life Insurance Management System version 1.0, which stems from an incorrect manipulation of the parameter agentid in the file...
CVE-2024-8208
A vulnerability has been found in nafisulbari/itsourcecode Insurance Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file editClient.php. The manipulation of the argument AGENT ID leads to cross site scripting. The attack can ...
CVE-2022-30001
Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editAgent.php?agentid=...
CVE-2021-27099
In SPIRE before versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1, the "awsiid" Node Attestor improperly normalizes the path provided through the agent ID templating feature, which may allow the issuance of an arbitrary SPIFFE ID within the same trust domain, if the attacker controls the value of ...
CVE-2025-2065
A vulnerability, which was classified as critical, was found in projectworlds Life Insurance Management System 1.0. This affects an unknown part of the file /editAgent.php. The manipulation of the argument agentid leads to sql injection. It is possible to initiate the attack remotely. The exploit...
Projectworlds Life Insurance Management System 注入漏洞
Projectworlds Life Insurance Management System is a life insurance management system from Projectworlds India. An injection vulnerability exists in Projectworlds Life Insurance Management System version 1.0, which stems from improper manipulation of the agentid parameter and can lead to SQL...
CVE-2024-8208
A vulnerability has been found in nafisulbari/itsourcecode Insurance Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file editClient.php. The manipulation of the argument AGENT ID leads to cross site scripting. The attack can ...
CVE-2024-8208 nafisulbari/itsourcecode Insurance Management System editClient.php cross site scripting
A vulnerability has been found in nafisulbari/itsourcecode Insurance Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file editClient.php. The manipulation of the argument AGENT ID leads to cross site scripting. The attack can ...
CVE-2024-8208 nafisulbari/itsourcecode Insurance Management System editClient.php cross site scripting
A vulnerability has been found in nafisulbari/itsourcecode Insurance Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file editClient.php. The manipulation of the argument AGENT ID leads to cross site scripting. The attack can ...
PT-2024-38872 · Nafisulbari · Insurance Management System
Name of the Vulnerable Software and Affected Versions: nafisulbari/itsourcecode Insurance Management System version 1.0 Description: A vulnerability has been found in the Insurance Management System, affecting an unknown functionality of the file editClient.php. The manipulation of the AGENT ID...
PT-2023-2966 · Faronics · Faronics Insight
Name of the Vulnerable Software and Affected Versions: Faronics Insight version 10.0.19045 Description: The issue allows unauthenticated attackers to view constantly updated screenshots of student desktops without their consent, potentially accessing sensitive or personal data. Attackers can also...
PT-2022-19961 · Unknown · Insurance Management System
Name of the Vulnerable Software and Affected Versions: Insurance Management System version 1.0 Description: The issue allows for SQL Injection via the "/insurance/editAgent.php?agent id=" endpoint, where an attacker can manipulate the agent id variable to inject malicious SQL code. Recommendation...
User with no permissions can brute force agent ID and view agent information
h3. Issue Summary By using the url /agent/viewAgentExecutableEnvironments.action?agentId=, any logged in user, even one with absolutely no permissions, can brute force the agent id and view all the agent's information. The steps below are specific to the researcher's video attached and will likel...
Vulners Cloud Agents for Vulnerability Management
A very good news! Vulners Team is ready to present complete functionality for vulnerability audit. And it's not just an Audit API that you have to use somehow in your own scripts, but an enterprise ready product, like agent-based vulnerability scanning in Qualys and Tenable. You can try it for...