100 matches found
CVE-2026-6586
A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Impacted is the function getbudget/updatebudget of the file superagi/controllers/budget.py of the component Budget Endpoint. Such manipulation leads to authorization bypass. It is possible to launch the attack remotely. T...
CVE-2026-6612
A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This impacts the function getagentexecution/updateagentexecution of the file superagi/controllers/agentexecution.py of the component Agent Execution Endpoint. Executing a manipulation of the argument agentexecutionid can...
CVE-2026-6584
A vulnerability was found in TransformerOptimus SuperAGI up to 0.0.14. This vulnerability affects the function updateuser of the file superagi/controllers/user.py of the component User Update Endpoint. The manipulation of the argument userid results in authorization bypass. The attack may be...
CVE-2026-6616
A security vulnerability has been detected in TransformerOptimus SuperAGI up to 0.0.14. This affects the function extractwithbs4/extractwith3k/extractwithlxml of the file superagi/helper/webpageextractor.py of the component WebScraperTool. Such manipulation leads to server-side request forgery. I...
CVE-2026-6583
A vulnerability has been found in TransformerOptimus SuperAGI up to 0.0.14. This affects the function deleteapikey/editapikey of the file superagi/controllers/apikey.py of the component API Key Management Endpoint. The manipulation leads to authorization bypass. The attack is possible to be carri...
EUVD-2026-23803
A security vulnerability has been detected in TransformerOptimus SuperAGI up to 0.0.14. This affects the function extractwithbs4/extractwith3k/extractwithlxml of the file superagi/helper/webpageextractor.py of the component WebScraperTool. Such manipulation leads to server-side request forgery. I...
EUVD-2026-23789
A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This impacts the function getagentexecution/updateagentexecution of the file superagi/controllers/agentexecution.py of the component Agent Execution Endpoint. Executing a manipulation of the argument agentexecutionid can...
EUVD-2026-23791
A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function deleteagent/stopschedule/getscheduledata of the file superagi/controllers/agent.py. The manipulation of the argument agentid leads to authorization bypass. The attack is possible to be carried out...
CVE-2026-6614
A security flaw has been discovered in TransformerOptimus SuperAGI up to 0.0.14. Affected by this vulnerability is the function getproject/updateproject/getprojectsorganisation of the file superagi/controllers/project.py. The manipulation results in authorization bypass. The attack may be perform...
CVE-2026-6612
A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This impacts the function getagentexecution/updateagentexecution of the file superagi/controllers/agentexecution.py of the component Agent Execution Endpoint. Executing a manipulation of the argument agentexecutionid can...
CVE-2026-6616
A security vulnerability has been detected in TransformerOptimus SuperAGI up to 0.0.14. This affects the function extractwithbs4/extractwith3k/extractwithlxml of the file superagi/helper/webpageextractor.py of the component WebScraperTool. Such manipulation leads to server-side request forgery. I...
CVE-2026-6615 TransformerOptimus SuperAGI Multipart Upload resources.py upload path traversal
A weakness has been identified in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function Upload of the file superagi/controllers/resources.py of the component Multipart Upload Handler. This manipulation of the argument Name causes path traversal. It is possible to initia...
CVE-2026-6615
A weakness has been identified in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function Upload of the file superagi/controllers/resources.py of the component Multipart Upload Handler. This manipulation of the argument Name causes path traversal. It is possible to initia...
CVE-2026-6615 TransformerOptimus SuperAGI Multipart Upload resources.py upload path traversal
A weakness has been identified in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function Upload of the file superagi/controllers/resources.py of the component Multipart Upload Handler. This manipulation of the argument Name causes path traversal. It is possible to initia...
CVE-2026-6615
CVE-2026-6615 — TransformerOptimus SuperAGI Multipart Upload path traversal Affected: TransformerOptimus SuperAGI (up to 0.0.14). The vulnerability is in the Multipart Upload Handler, specifically the Upload function in superagi/controllers/resources.py. Manipulating the Name argument enables pat...
CVE-2026-6614 TransformerOptimus SuperAGI project.py get_projects_organisation authorization
A security flaw has been discovered in TransformerOptimus SuperAGI up to 0.0.14. Affected by this vulnerability is the function getproject/updateproject/getprojectsorganisation of the file superagi/controllers/project.py. The manipulation results in authorization bypass. The attack may be perform...
CVE-2026-6614
A security flaw has been discovered in TransformerOptimus SuperAGI up to 0.0.14. Affected by this vulnerability is the function getproject/updateproject/getprojectsorganisation of the file superagi/controllers/project.py. The manipulation results in authorization bypass. The attack may be perform...
CVE-2026-6614 TransformerOptimus SuperAGI project.py get_projects_organisation authorization
A security flaw has been discovered in TransformerOptimus SuperAGI up to 0.0.14. Affected by this vulnerability is the function getproject/updateproject/getprojectsorganisation of the file superagi/controllers/project.py. The manipulation results in authorization bypass. The attack may be perform...
CVE-2026-6614
TransformerOptimus SuperAGI
CVE-2026-6613
A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function deleteagent/stopschedule/getscheduledata of the file superagi/controllers/agent.py. The manipulation of the argument agentid leads to authorization bypass. The attack is possible to be carried out...