Lucene search
K

198 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-16547

Malicious code in bioql PyPI...

7.7CVSS7.7AI score0.00974EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-6987

Malicious code in bioql PyPI...

4.3CVSS4.9AI score0.00453EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/03/22 12:50 p.m.10 views

CVE-2024-13060

A vulnerability in AnythingLLM Docker version 1.3.1 allows users with 'Default' permission to access other users' profile pictures by changing the 'id' parameter in the user cookie. This issue is present in versions prior to 1.3.1...

4.3CVSS6.6AI score0.00453EPSS
Exploits1References1
NVD
NVD
added 2025/03/20 10:15 a.m.12 views

CVE-2024-13060

A vulnerability in AnythingLLM Docker version 1.3.1 allows users with 'Default' permission to access other users' profile pictures by changing the 'id' parameter in the user cookie. This issue is present in versions prior to 1.3.1...

4.3CVSS0.00453EPSS
Exploits1References2
OSV
OSV
added 2025/03/20 10:8 a.m.8 views

CVE-2024-13060 Improper Authorization in mintplex-labs/anything-llm

A vulnerability in AnythingLLM Docker version 1.3.1 allows users with 'Default' permission to access other users' profile pictures by changing the 'id' parameter in the user cookie. This issue is present in versions prior to 1.3.1...

4.3CVSS5.9AI score0.00453EPSS
Exploits1References4
CVE
CVE
added 2025/03/20 10:8 a.m.54 views

CVE-2024-13060

CVE-2024-13060 affects AnythingLLM Docker 1.3.1 and earlier. Affected component: the user cookie handling (cookie parameter id) that determines which profile picture is loaded. Root cause: insufficient authorization checks allow users with Default permission to access other users’ profile picture...

4.3CVSS4.4AI score0.00453EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/03/20 10:8 a.m.13 views

CVE-2024-13060 Improper Authorization in mintplex-labs/anything-llm

A vulnerability in AnythingLLM Docker version 1.3.1 allows users with 'Default' permission to access other users' profile pictures by changing the 'id' parameter in the user cookie. This issue is present in versions prior to 1.3.1...

4.3CVSS0.00453EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/03/20 10:8 a.m.9 views

CVE-2024-13060 Improper Authorization in mintplex-labs/anything-llm

A vulnerability in AnythingLLM Docker version 1.3.1 allows users with 'Default' permission to access other users' profile pictures by changing the 'id' parameter in the user cookie. This issue is present in versions prior to 1.3.1...

4.3CVSS4.4AI score0.00453EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.3 views

AnythingLLM 安全漏洞

AnythingLLM is an all-in-one AI application from Mintplex Open Source. A security vulnerability exists in versions prior to AnythingLLM 1.2.2 that stems from a path traversal vulnerability that could lead to unauthorized database file access and deletion...

7.2CVSS6.9AI score0.00826EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.6 views

AnythingLLM 安全漏洞

AnythingLLM is an all-in-one AI application open-sourced by Mintplex. A security vulnerability exists in version 6dc3642 of AnythingLLM, which stems from an unauthenticated denial of service in the API embedded in the chat functionality, which allows an attacker to cause the server to crash by...

7.5CVSS7.5AI score0.0064EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.4 views

anything-llm 信息泄露漏洞

AnythingLLM is a chatbot application that supports building using commercial or open source big language models combined with a private knowledge base. An information disclosure vulnerability exists in AnythingLLM, which can be exploited to obtain an API key from a process environment variable...

7.5CVSS7AI score0.29187EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.5 views

AnythingLLM 安全漏洞

AnythingLLM is an all-in-one AI application from Mintplex Open Source. A security vulnerability exists in AnythingLLM version 1.3.1, which originates from a user with Default privileges can access another user's profile picture by changing the id parameter in the user's cookie...

4.3CVSS4.9AI score0.00453EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2025/03/07 12:0 a.m.9 views

The vulnerability of LLM-powered system startups like AnythingLLM, related to shortcomings in authentication procedures, allows attackers to gain unauthorized access to protected information.

The vulnerability of the LLM startup and management system, AnythingLLM, is related to deficiencies in the authentication process when processing the id parameter. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

4.3CVSS5.5AI score0.00453EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/04 11:41 p.m.12 views

CVE-2024-22422

AnythingLLM is an application that turns any document, resource, or piece of content into context that any LLM can use as references during chatting. In versions prior to commit 08d33cfd8 an unauthenticated API route file export can allow attacker to crash the server resulting in a denial of...

7.5CVSS7AI score0.01045EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/04 11:9 p.m.19 views

CVE-2024-0759

Should an instance of AnythingLLM be hosted on an internal network and the attacked be explicitly granted a permission level of manager or admin, they could link-scrape internally resolving IPs of other services that are on the same network as AnythingLLM. This would require the attacker also be...

7.7CVSS6.9AI score0.00974EPSS
Exploits1References1
Huntr
Huntr
added 2024/12/04 12:5 p.m.10 views

Changing the "ID" parameter in the user cookie allows loading the profile picture of other users

Description A vulnerability has been discovered in AnythingLLM Docker that allows users, even with "Default" permission, to obtain other users' profile pictures. Proof of Concept 1 Create a new user with the default role; 2 Log in to the user account you created; 3 Open the browser inspector and...

4.3CVSS6.7AI score0.00453EPSS
Exploits1
CNVD
CNVD
added 2024/11/26 12:0 a.m.8 views

AnythingLLM Information Disclosure Vulnerability

AnythingLLM is a chatbot application that supports building using commercial or open source big language models combined with a private knowledge base. An information disclosure vulnerability exists in AnythingLLM, which can be exploited to obtain an API key from a process environment variable...

7.5CVSS6.3AI score0.29187EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/10/29 12:0 a.m.5 views

AnythingLLM 安全漏洞

AnythingLLM is an all-in-one AI application open-sourced by Mintplex. A security vulnerability exists in versions of AnythingLLM prior to 1.0.3, which stems from sensitive information being incorrectly stored in a JWT used as a token bearer in single-user mode, which when decoded displays the...

7.5CVSS5.8AI score0.00335EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2024/07/29 12:0 a.m.38 views

AnythingLLM API Sensitive Information Disclosure

AnythingLLM suffers from an information disclosure vulnerability through the /api/setup-complete API endpoint. By accessing this endpoint, a remote and unauthenticated attacker can access sensitive configuration of the target AnythingLLM instance. This detection is included in the AI and LLM...

7.5CVSS7.1AI score0.29187EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/06/25 12:0 a.m.4 views

AnythingLLM Security Vulnerability

AnythingLLM is a document chatbot that meets business requirements. A security vulnerability exists in AnythingLLM that stems from the application's failure to limit the size of usernames, which can lead to a denial of service DoS condition due to uncontrolled resource consumption...

7.5CVSS6.6AI score0.00585EPSS
Exploits1References2
Rows per page
Query Builder