4 matches found
CVE-2024-9431
In version v0.0.14 of transformeroptimus/superagi, there is an improper privilege management vulnerability. After logging into the system, users can change the passwords of other users, leading to potential account takeover...
CVE-2024-9437
SuperAGI version v0.0.14 is vulnerable to an unauthenticated Denial of Service DoS attack. The vulnerability exists in the resource upload request, where appending characters, such as dashes -, to the end of a multipart boundary in an HTTP request causes the server to continuously process each...
CVE-2024-12048
An IDOR Insecure Direct Object Reference vulnerability exists in transformeroptimus/superagi version v0.0.14. The application fails to properly check authorization for multiple API endpoints, allowing attackers to view, edit, and delete other users' information without proper authorization...
PT-2025-12282 · Unknown · Transformeroptimus/Superagi
Name of the Vulnerable Software and Affected Versions: transformeroptimus/superagi version v0.0.14 Description: The issue is related to improper privilege management. After logging into the system, users can change the passwords of other users, which could lead to account takeover. Recommendation...