Search results for "superagi": 10 matches found

CVE-2024-9447 (added 2025/03/20 10:15 a.m., 71 views)

An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. The /get/organisation/ endpoint does not verify the user's organization, allowing any authenticated user to retrieve sensitive configuration details, including API keys, of any organization. This co...

CVSS 6.5 | AI score 6.2 | EPSS 0.00062

CVE-2024-9418 (added 2025/03/20 10:15 a.m., 62 views)

In version 0.0.14 of transformeroptimus/superagi, the API endpoint /api/users/get/{id} returns the user's password in plaintext. This vulnerability allows an attacker to retrieve the password of another user, leading to potential account takeover.

CVSS 6.5 | AI score 6.5 | EPSS 0.00048

CVE-2024-9439 (added 2025/03/20 10:15 a.m., 62 views)

SuperAGI is vulnerable to remote code execution in the latest version. The agent template update API allows attackers to control certain parameters, which are then fed to the eval function without any sanitization or checks in place. This vulnerability can lead to full system compromise.

CVSS 8.8 | AI score 9 | EPSS 0.00465

CVE-2024-9415 (added 2025/03/20 10:15 a.m., 35 views)

A Path Traversal vulnerability exists in the file upload functionality of transformeroptimus/superagi version 0.0.14. This vulnerability allows an attacker to upload an arbitrary file to the server, potentially leading to remote code execution or overwriting any file on the server.

CVSS 8.8 | AI score 9 | EPSS 0.00771

CVE-2024-10267 (added 2025/03/20 10:15 a.m., 34 views)

An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. An attacker can leak sensitive user information, including names, emails, and passwords, by attempting to register a new account with an email that is already in use. The server returns all informat...

CVSS 7.5 | AI score 7.2 | EPSS 0.00073

CVE-2024-9437 (added 2025/03/20 10:15 a.m., 33 views)

SuperAGI version v0.0.14 is vulnerable to an unauthenticated Denial of Service (DoS) attack. The vulnerability exists in the resource upload request, where appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request causes the server to continuously process each ...

CVSS 7.5 | AI score 7.5 | EPSS 0.00176

CVE-2024-12048 (added 2025/03/20 10:15 a.m., 32 views)

An IDOR (Insecure Direct Object Reference) vulnerability exists in transformeroptimus/superagi version v0.0.14. The application fails to properly check authorization for multiple API endpoints, allowing attackers to view, edit, and delete other users' information without proper authorization. Affec...

CVSS 8.8 | AI score 6.7 | EPSS 0.00076

CVE-2024-9431 (added 2025/03/20 10:15 a.m., 30 views)

In version v0.0.14 of transformeroptimus/superagi, there is an improper privilege management vulnerability. After logging into the system, users can change the passwords of other users, leading to potential account takeover.

CVSS 8.8 | AI score 6.6 | EPSS 0.00049

CVE-2023-48055 (added 2023/11/16 6:15 p.m., 18 views)

SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. This vulnerability can lead to the disclosure of information and communications.

CVSS 7.5 | AI score 7.3 | EPSS 0.00174

CVE-2025-6280 (added 2025/06/19 10:15 p.m., 6 views)

A vulnerability, which was classified as critical, was found in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function download_attachment of the file SuperAGI/superagi/helper/read_email.py of the component EmailToolKit. The manipulation of the argument filename leads to path traversal....

CVSS 9.8 | AI score 5.5 | EPSS 0.00106