PT-2026-33652
A vulnerability has been found in TransformerOptimus SuperAGI up to 0.0.14. This affects the function delete api key/edit api key of the file superagi/controllers/api key.py of the component API Key Management Endpoint. The manipulation leads to authorization bypass. The attack is possible to be...
GHSA-F8H9-7RPQ-7QCC Magento Filter extension bypass via crafted store configuration keys
A file upload filter bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to edit configuration keys to remove file extension filters, potentially resulting in the malicious uploa...
Unauthorized Access
loopback-datasource-juggler is vulnerable to unauthorized access. The library does not properly enforce foreign key editing, allowing a malicious user to access and edit the ownership of foreign keys of arbitrary records. This only affects databases with many-to-many relationships...
Microsoft Windows NT 4.0 - DCOM Server
source: https://www.securityfocus.com/bid/624/info It is possible for a local user to modify how DCOM servers are run, thereby escalating his/her privilege level. The Interactive User has write permissions to the DCOM registry entries. By editing the registry keys associated with DCOM server...