160 matches found
EUVD-2025-7030
Malicious code in bioql PyPI...
EUVD-2025-6850
Malicious code in bioql PyPI...
EUVD-2023-52141
Malicious code in bioql PyPI...
EUVD-2025-6842
Malicious code in bioql PyPI...
CVE-2025-51475
Arbitrary File Overwrite AFO in superagi.controllers.resources.upload in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to overwrite arbitrary files via unsanitised filenames submitted to the file upload endpoint, due to improper handling of directory traversal in os.path.join and lac...
CVE-2025-51472
Code Injection in AgentTemplate.evalagentconfig in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to execute arbitrary Python code via malicious values in agent template configurations such as the goal, constraints, or instruction field, which are evaluated using eval without validati...
CVE-2025-51472
Code Injection in AgentTemplate.evalagentconfig in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to execute arbitrary Python code via malicious values in agent template configurations such as the goal, constraints, or instruction field, which are evaluated using eval without validati...
PT-2025-30457 · Unknown · Transformeroptimus/Superagi
Name of the Vulnerable Software and Affected Versions: TransformerOptimus SuperAGI version 0.0.14 Description: A code injection issue exists in AgentTemplate.eval agent config within TransformerOptimus SuperAGI version 0.0.14. This allows remote attackers to execute arbitrary Python code by...
SuperAGI 路径遍历漏洞
SuperAGI is an open source infrastructure application from SuperAGI Open Source. for building components, tools, frameworks, and models to implement open source AGI. A security vulnerability exists in SuperAGI version 0.0.14, which stems from an arbitrary file overwrite vulnerability in...
CVE-2025-51472
Code Injection in AgentTemplate.evalagentconfig in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to execute arbitrary Python code via malicious values in agent template configurations such as the goal, constraints, or instruction field, which are evaluated using eval without validati...
CVE-2025-51475
Arbitrary File Overwrite AFO in superagi.controllers.resources.upload in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to overwrite arbitrary files via unsanitised filenames submitted to the file upload endpoint, due to improper handling of directory traversal in os.path.join and lac...
CVE-2025-51475
Arbitrary File Overwrite AFO in superagi.controllers.resources.upload in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to overwrite arbitrary files via unsanitised filenames submitted to the file upload endpoint, due to improper handling of directory traversal in os.path.join and lac...
CVE-2025-51475
The CVE-2025-51475 entry affects TransformerOptimus SuperAGI v0.0.14, specifically the file upload path handling in superagi.controllers.resources.upload. A directory-traversal flaw in os.path.join() and missing validation in get_root_input_dir() can allow an attacker to overwrite arbitrary files...
PT-2025-30455 · Unknown · Transformeroptimus/Superagi
Name of the Vulnerable Software and Affected Versions: TransformerOptimus SuperAGI version 0.0.14 Description: An arbitrary file overwrite issue exists in the superagi.controllers.resources.upload component. This allows remote attackers to overwrite arbitrary files by submitting unsanitized...
SuperAGI 命令注入漏洞
SuperAGI is an open source infrastructure application from SuperAGI Open Source. It is used to build components, tools, frameworks and models to implement open source AGI. A security vulnerability exists in SuperAGI version 0.0.14, which stems from a code injection vulnerability in...
CVE-2025-51472
Code Injection in AgentTemplate.evalagentconfig in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to execute arbitrary Python code via malicious values in agent template configurations such as the goal, constraints, or instruction field, which are evaluated using eval without validati...
CVE-2025-6280
A vulnerability, which was classified as critical, was found in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function downloadattachment of the file SuperAGI/superagi/helper/reademail.py of the component EmailToolKit. The manipulation of the argument filename leads to path traversal...
CVE-2025-6280 TransformerOptimus SuperAGI EmailToolKit read_email.py download_attachment path traversal
A vulnerability, which was classified as critical, was found in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function downloadattachment of the file SuperAGI/superagi/helper/reademail.py of the component EmailToolKit. The manipulation of the argument filename leads to path traversal...
CVE-2025-6280 TransformerOptimus SuperAGI EmailToolKit read_email.py download_attachment path traversal
A vulnerability, which was classified as critical, was found in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function downloadattachment of the file SuperAGI/superagi/helper/reademail.py of the component EmailToolKit. The manipulation of the argument filename leads to path traversal...
SuperAGI 路径遍历漏洞
SuperAGI is an open source infrastructure application from SuperAGI Open Source. It is used to build components, tools, frameworks and models to implement open source AGI. A path traversal vulnerability exists in SuperAGI 0.0.14 and earlier versions, which stems from a path traversal in the file...