4 matches found
CVE-2026-6583
A vulnerability has been found in TransformerOptimus SuperAGI up to 0.0.14. This affects the function deleteapikey/editapikey of the file superagi/controllers/apikey.py of the component API Key Management Endpoint. The manipulation leads to authorization bypass. The attack is possible to be carri...
CVE-2026-6583 TransformerOptimus SuperAGI API Key Management Endpoint api_key.py edit_api_key authorization
A vulnerability has been found in TransformerOptimus SuperAGI up to 0.0.14. This affects the function deleteapikey/editapikey of the file superagi/controllers/apikey.py of the component API Key Management Endpoint. The manipulation leads to authorization bypass. The attack is possible to be carri...
Cross-site Scripting (XSS)
Overview microweber/microweber is a new generation CMS with drag and drop. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the id parameter in the liveedit.modulesettings API endpoint. An attacker can execute arbitrary JavaScript in the context of a user's browser...
PT-2024-21634
Name of the Vulnerable Software and Affected Versions ESPHome versions 2023.12.9 through 2024.2.0 Description A security misconfiguration in the edit configuration file API in the dashboard component of ESPHome allows authenticated remote attackers to read and write arbitrary files under the...