198 matches found
CVE-2026-24477 AnythingLLM has key leak in `systemSettings.js`
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticate...
EUVD-2026-4732
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticate...
PT-2026-4834
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticate...
PT-2026-4837
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.10.0, a critical Path Traversal vulnerability in the DrupalWiki integration allows a malicious admin or an attacker who can convince an admin to configure...
EUVD-2026-0774
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to commit e287fab56089cf8fcea9ba579a3ecdeca0daa313, the password recovery endpoint returns different error messages depending on whether a username exists, so enabling...
CVE-2026-21484 AnythingLLM Vulnerable to Username Enumeration w/ Password Recovery
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to commit e287fab56089cf8fcea9ba579a3ecdeca0daa313, the password recovery endpoint returns different error messages depending on whether a username exists, so enabling...
CVE-2026-21484 AnythingLLM Vulnerable to Username Enumeration w/ Password Recovery
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to commit e287fab56089cf8fcea9ba579a3ecdeca0daa313, the password recovery endpoint returns different error messages depending on whether a username exists, so enabling...
CVE-2026-21484
CVE-2026-21484 affects AnythingLLM. The vulnerability stems from the password-recovery endpoint returning different messages based on username existence, enabling username enumeration. The issue is addressed by commit e287fab56089cf8fcea9ba579a3ecdeca0daa313. Public sources (Red Hat, NVD, CVE lis...
CVE-2026-21484 AnythingLLM Vulnerable to Username Enumeration w/ Password Recovery
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to commit e287fab56089cf8fcea9ba579a3ecdeca0daa313, the password recovery endpoint returns different error messages depending on whether a username exists, so enabling...
AnythingLLM 安全漏洞
AnythingLLM is an all-in-one AI application open-sourced by Mintplex. A security vulnerability exists in AnythingLLM that stems from a password recovery endpoint returning a different error message that could lead to username enumeration...
PT-2026-1141
Name of the Vulnerable Software and Affected Versions AnythingLLM affected versions not specified Description AnythingLLM is an application designed to provide context for Large Language Models LLMs. Prior to commit e287fab56089cf8fcea9ba579a3ecdeca0daa313, the password recovery functionality...
CVE-2025-63390
An authentication bypass vulnerability exists in AnythingLLM v1.8.5 in via the /api/workspaces endpoint. The endpoint fails to implement proper authentication checks, allowing unauthenticated remote attackers to enumerate and retrieve detailed information about all configured workspaces. Exposed...
EUVD-2025-204305
An authentication bypass vulnerability exists in AnythingLLM v1.8.5 in via the /api/workspaces endpoint. The endpoint fails to implement proper authentication checks, allowing unauthenticated remote attackers to enumerate and retrieve detailed information about all configured workspaces. Exposed...
CVE-2025-63390
An authentication bypass vulnerability exists in AnythingLLM v1.8.5 in via the /api/workspaces endpoint. The endpoint fails to implement proper authentication checks, allowing unauthenticated remote attackers to enumerate and retrieve detailed information about all configured workspaces. Exposed...
CVE-2025-63390
An authentication bypass vulnerability exists in AnythingLLM v1.8.5 in via the /api/workspaces endpoint. The endpoint fails to implement proper authentication checks, allowing unauthenticated remote attackers to enumerate and retrieve detailed information about all configured workspaces. Exposed...
CVE-2025-63390
An authentication bypass vulnerability exists in AnythingLLM v1.8.5 in via the /api/workspaces endpoint. The endpoint fails to implement proper authentication checks, allowing unauthenticated remote attackers to enumerate and retrieve detailed information about all configured workspaces. Exposed...
CVE-2025-63390
An authentication bypass vulnerability exists in AnythingLLM v1.8.5 in via the /api/workspaces endpoint. The endpoint fails to implement proper authentication checks, allowing unauthenticated remote attackers to enumerate and retrieve detailed information about all configured workspaces. Exposed...
PT-2025-52256
Name of the Vulnerable Software and Affected Versions AnythingLLM version 1.8.5 Description An authentication bypass allows unauthenticated remote attackers to enumerate and retrieve detailed information about all configured workspaces. The issue is due to missing authentication checks in the...
CVE-2025-63390
CVE-2025-63390 affects AnythingLLM v1.8.5 with an authentication bypass via the /api/workspaces endpoint. The endpoint fails to enforce auth, allowing unauthenticated remote attackers to enumerate and retrieve detailed workspace configuration data (ids, names, slugs; AI model configs like chatPro...
AnythingLLM 安全漏洞
AnythingLLM is an all-in-one AI application from Mintplex Open Source. A security vulnerability exists in AnythingLLM version 1.8.5 that stems from an authentication bypass that could lead to unauthorized access to workspace information...