Vulnerability Database

309,237

Total vulnerabilities in the database

CVE-2024-12048

An IDOR (Insecure Direct Object Reference) vulnerability exists in transformeroptimus/superagi version v0.0.14. The application fails to properly check authorization for multiple API endpoints, allowing attackers to view, edit, and delete other users' information without proper authorization. Affected endpoints include but are not limited to /get/project/{project_id}, /get/schedule_data/{agent_id}, /delete/{agent_id}, /get/organisation/{organisation_id}, and /get/user/{user_id}.

Published: Mar 20, 2025
Updated: Nov 16, 2025
CVE: CVE-2024-12048
Exploit:

No technical information available.

CWEs:

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
superagi / superagi	0.0.14	0.0.14.x

https://huntr.com/bounties/6def3e3a-c443-44bb-b20e-3e69b48f37dc

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo