Lucene search
K

198 matches found

OSV
OSV
added 2026/01/26 11:22 p.m.7 views

CVE-2026-24477 AnythingLLM has key leak in `systemSettings.js`

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticate...

8.7CVSS5.9AI score0.01566EPSS
Exploits1References3
EUVD
EUVD
added 2026/01/26 11:22 p.m.7 views

EUVD-2026-4732

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticate...

8.7CVSS5.9AI score0.01566EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/01/26 12:0 a.m.10 views

PT-2026-4834

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticate...

8.7CVSS5.9AI score0.01566EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/01/26 12:0 a.m.10 views

PT-2026-4837

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.10.0, a critical Path Traversal vulnerability in the DrupalWiki integration allows a malicious admin or an attacker who can convince an admin to configure...

7.2CVSS6AI score0.00857EPSS
Exploits1References2
EUVD
EUVD
added 2026/01/03 1:21 a.m.7 views

EUVD-2026-0774

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to commit e287fab56089cf8fcea9ba579a3ecdeca0daa313, the password recovery endpoint returns different error messages depending on whether a username exists, so enabling...

5.3CVSS6.5AI score0.00713EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/01/03 1:21 a.m.16 views

CVE-2026-21484 AnythingLLM Vulnerable to Username Enumeration w/ Password Recovery

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to commit e287fab56089cf8fcea9ba579a3ecdeca0daa313, the password recovery endpoint returns different error messages depending on whether a username exists, so enabling...

5.3CVSS0.00713EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/01/03 1:21 a.m.1 views

CVE-2026-21484 AnythingLLM Vulnerable to Username Enumeration w/ Password Recovery

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to commit e287fab56089cf8fcea9ba579a3ecdeca0daa313, the password recovery endpoint returns different error messages depending on whether a username exists, so enabling...

5.3CVSS6.6AI score0.00713EPSS
Exploits1References2
CVE
CVE
added 2026/01/03 1:21 a.m.22 views

CVE-2026-21484

CVE-2026-21484 affects AnythingLLM. The vulnerability stems from the password-recovery endpoint returning different messages based on username existence, enabling username enumeration. The issue is addressed by commit e287fab56089cf8fcea9ba579a3ecdeca0daa313. Public sources (Red Hat, NVD, CVE lis...

5.3CVSS6.6AI score0.00713EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/01/03 1:21 a.m.3 views

CVE-2026-21484 AnythingLLM Vulnerable to Username Enumeration w/ Password Recovery

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to commit e287fab56089cf8fcea9ba579a3ecdeca0daa313, the password recovery endpoint returns different error messages depending on whether a username exists, so enabling...

5.3CVSS6.8AI score0.00713EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/01/03 12:0 a.m.3 views

AnythingLLM 安全漏洞

AnythingLLM is an all-in-one AI application open-sourced by Mintplex. A security vulnerability exists in AnythingLLM that stems from a password recovery endpoint returning a different error message that could lead to username enumeration...

5.3CVSS6.8AI score0.00713EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/01/03 12:0 a.m.8 views

PT-2026-1141

Name of the Vulnerable Software and Affected Versions AnythingLLM affected versions not specified Description AnythingLLM is an application designed to provide context for Large Language Models LLMs. Prior to commit e287fab56089cf8fcea9ba579a3ecdeca0daa313, the password recovery functionality...

5.3CVSS6.7AI score0.00713EPSS
Exploits1References10
RedhatCVE
RedhatCVE
added 2025/12/19 12:41 a.m.12 views

CVE-2025-63390

An authentication bypass vulnerability exists in AnythingLLM v1.8.5 in via the /api/workspaces endpoint. The endpoint fails to implement proper authentication checks, allowing unauthenticated remote attackers to enumerate and retrieve detailed information about all configured workspaces. Exposed...

5.3CVSS7.1AI score0.00493EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/18 6:30 p.m.5 views

EUVD-2025-204305

An authentication bypass vulnerability exists in AnythingLLM v1.8.5 in via the /api/workspaces endpoint. The endpoint fails to implement proper authentication checks, allowing unauthenticated remote attackers to enumerate and retrieve detailed information about all configured workspaces. Exposed...

6.6AI score0.00493EPSS
Exploits0References3
NVD
NVD
added 2025/12/18 4:15 p.m.5 views

CVE-2025-63390

An authentication bypass vulnerability exists in AnythingLLM v1.8.5 in via the /api/workspaces endpoint. The endpoint fails to implement proper authentication checks, allowing unauthenticated remote attackers to enumerate and retrieve detailed information about all configured workspaces. Exposed...

5.3CVSS0.00493EPSS
Exploits0References3
OSV
OSV
added 2025/12/18 4:15 p.m.6 views

CVE-2025-63390

An authentication bypass vulnerability exists in AnythingLLM v1.8.5 in via the /api/workspaces endpoint. The endpoint fails to implement proper authentication checks, allowing unauthenticated remote attackers to enumerate and retrieve detailed information about all configured workspaces. Exposed...

5.3CVSS7AI score
Exploits0References3
Cvelist
Cvelist
added 2025/12/18 12:0 a.m.32 views

CVE-2025-63390

An authentication bypass vulnerability exists in AnythingLLM v1.8.5 in via the /api/workspaces endpoint. The endpoint fails to implement proper authentication checks, allowing unauthenticated remote attackers to enumerate and retrieve detailed information about all configured workspaces. Exposed...

0.00493EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/18 12:0 a.m.4 views

CVE-2025-63390

An authentication bypass vulnerability exists in AnythingLLM v1.8.5 in via the /api/workspaces endpoint. The endpoint fails to implement proper authentication checks, allowing unauthenticated remote attackers to enumerate and retrieve detailed information about all configured workspaces. Exposed...

6.7AI score0.00493EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.6 views

PT-2025-52256

Name of the Vulnerable Software and Affected Versions AnythingLLM version 1.8.5 Description An authentication bypass allows unauthenticated remote attackers to enumerate and retrieve detailed information about all configured workspaces. The issue is due to missing authentication checks in the...

5.3CVSS6.8AI score0.00493EPSS
Exploits0References6
CVE
CVE
added 2025/12/18 12:0 a.m.21 views

CVE-2025-63390

CVE-2025-63390 affects AnythingLLM v1.8.5 with an authentication bypass via the /api/workspaces endpoint. The endpoint fails to enforce auth, allowing unauthenticated remote attackers to enumerate and retrieve detailed workspace configuration data (ids, names, slugs; AI model configs like chatPro...

5.3CVSS6.7AI score0.00493EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2025/12/18 12:0 a.m.5 views

AnythingLLM 安全漏洞

AnythingLLM is an all-in-one AI application from Mintplex Open Source. A security vulnerability exists in AnythingLLM version 1.8.5 that stems from an authentication bypass that could lead to unauthorized access to workspace information...

5.3CVSS6.7AI score0.00493EPSS
Exploits0References3
Rows per page
Query Builder