11 matches found
DataEase cross-site scripting vulnerability
DataEase is an open-source data visualization and analysis tool developed by DataEase. It helps users quickly analyze data and gain insights into business trends, thereby enabling improvements and optimizations in operations. DataEase versions 2.10.19 and earlier contained a cross-site scripting...
EUVD-2025-6850
Malicious code in bioql PyPI...
CVE-2024-9437
SuperAGI version v0.0.14 is vulnerable to an unauthenticated Denial of Service (DoS) attack. The vulnerability exists in the resource upload request, where appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request causes the server to continuously process each...
CVE-2024-9437
SuperAGI version v0.0.14 is vulnerable to an unauthenticated Denial of Service (DoS) attack. The vulnerability exists in the resource upload request, where appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request causes the server to continuously process each...
CVE-2024-9437 Unauthenticated Denial of Service in transformeroptimus/superagi
SuperAGI version v0.0.14 is vulnerable to an unauthenticated Denial of Service (DoS) attack. The vulnerability exists in the resource upload request, where appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request causes the server to continuously process each...
PT-2025-12283 · Superagi · Superagi
Name of the Vulnerable Software and Affected Versions: SuperAGI version v0.0.14. Description: SuperAGI version v0.0.14 is vulnerable to an unauthenticated Denial of Service (DoS) attack. The vulnerability exists in the resource upload request, where appending characters, such as dashes (-), to the end...
SuperAGI resource management error vulnerability
SuperAGI is an open source infrastructure application from SuperAGI Open Source for building components, tools, frameworks, and models to implement open source AGI. A resource management error vulnerability exists in SuperAGI version v0.0.14, which stems from a multi-part boundary character appe...
CVE-2024-46985 DataEase has an XXE vulnerability
DataEase is an open source data visualization analysis tool. Prior to version 2.10.1, there is an XML external entity injection vulnerability in the static resource upload interface of DataEase. An attacker can construct a payload to implement intranet detection and file reading. The vulnerabilit...
Design/Logic Flaw
A user could use the “Upload Resource” functionality to upload files to any location on the disk...
Stored XSS in resource file uploading
Description: The Resources upload feature does not restrict the type of uploaded file. An attacker can upload an html file and the browser still renders it. The CSP is set to default-src 'self' to prevent inline script execution. However, this can be easily bypassed by uploading a .js file then...
CVE-2019-9752
An issue was discovered in Open Ticket Request System (OTRS) 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This ...