198 matches found
EUVD-2024-16547
Malicious code in bioql PyPI...
EUVD-2025-6987
Malicious code in bioql PyPI...
CVE-2024-13060
A vulnerability in AnythingLLM Docker version 1.3.1 allows users with 'Default' permission to access other users' profile pictures by changing the 'id' parameter in the user cookie. This issue is present in versions prior to 1.3.1...
CVE-2024-13060
A vulnerability in AnythingLLM Docker version 1.3.1 allows users with 'Default' permission to access other users' profile pictures by changing the 'id' parameter in the user cookie. This issue is present in versions prior to 1.3.1...
CVE-2024-13060 Improper Authorization in mintplex-labs/anything-llm
A vulnerability in AnythingLLM Docker version 1.3.1 allows users with 'Default' permission to access other users' profile pictures by changing the 'id' parameter in the user cookie. This issue is present in versions prior to 1.3.1...
CVE-2024-13060
CVE-2024-13060 affects AnythingLLM Docker 1.3.1 and earlier. Affected component: the user cookie handling (cookie parameter id) that determines which profile picture is loaded. Root cause: insufficient authorization checks allow users with Default permission to access other users’ profile picture...
CVE-2024-13060 Improper Authorization in mintplex-labs/anything-llm
A vulnerability in AnythingLLM Docker version 1.3.1 allows users with 'Default' permission to access other users' profile pictures by changing the 'id' parameter in the user cookie. This issue is present in versions prior to 1.3.1...
CVE-2024-13060 Improper Authorization in mintplex-labs/anything-llm
A vulnerability in AnythingLLM Docker version 1.3.1 allows users with 'Default' permission to access other users' profile pictures by changing the 'id' parameter in the user cookie. This issue is present in versions prior to 1.3.1...
AnythingLLM 安全漏洞
AnythingLLM is an all-in-one AI application from Mintplex Open Source. A security vulnerability exists in versions prior to AnythingLLM 1.2.2 that stems from a path traversal vulnerability that could lead to unauthorized database file access and deletion...
AnythingLLM 安全漏洞
AnythingLLM is an all-in-one AI application open-sourced by Mintplex. A security vulnerability exists in version 6dc3642 of AnythingLLM, which stems from an unauthenticated denial of service in the API embedded in the chat functionality, which allows an attacker to cause the server to crash by...
anything-llm 信息泄露漏洞
AnythingLLM is a chatbot application that supports building using commercial or open source big language models combined with a private knowledge base. An information disclosure vulnerability exists in AnythingLLM, which can be exploited to obtain an API key from a process environment variable...
AnythingLLM 安全漏洞
AnythingLLM is an all-in-one AI application from Mintplex Open Source. A security vulnerability exists in AnythingLLM version 1.3.1, which originates from a user with Default privileges can access another user's profile picture by changing the id parameter in the user's cookie...
The vulnerability of LLM-powered system startups like AnythingLLM, related to shortcomings in authentication procedures, allows attackers to gain unauthorized access to protected information.
The vulnerability of the LLM startup and management system, AnythingLLM, is related to deficiencies in the authentication process when processing the id parameter. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
CVE-2024-22422
AnythingLLM is an application that turns any document, resource, or piece of content into context that any LLM can use as references during chatting. In versions prior to commit 08d33cfd8 an unauthenticated API route file export can allow attacker to crash the server resulting in a denial of...
CVE-2024-0759
Should an instance of AnythingLLM be hosted on an internal network and the attacked be explicitly granted a permission level of manager or admin, they could link-scrape internally resolving IPs of other services that are on the same network as AnythingLLM. This would require the attacker also be...
Changing the "ID" parameter in the user cookie allows loading the profile picture of other users
Description A vulnerability has been discovered in AnythingLLM Docker that allows users, even with "Default" permission, to obtain other users' profile pictures. Proof of Concept 1 Create a new user with the default role; 2 Log in to the user account you created; 3 Open the browser inspector and...
AnythingLLM Information Disclosure Vulnerability
AnythingLLM is a chatbot application that supports building using commercial or open source big language models combined with a private knowledge base. An information disclosure vulnerability exists in AnythingLLM, which can be exploited to obtain an API key from a process environment variable...
AnythingLLM 安全漏洞
AnythingLLM is an all-in-one AI application open-sourced by Mintplex. A security vulnerability exists in versions of AnythingLLM prior to 1.0.3, which stems from sensitive information being incorrectly stored in a JWT used as a token bearer in single-user mode, which when decoded displays the...
AnythingLLM API Sensitive Information Disclosure
AnythingLLM suffers from an information disclosure vulnerability through the /api/setup-complete API endpoint. By accessing this endpoint, a remote and unauthenticated attacker can access sensitive configuration of the target AnythingLLM instance. This detection is included in the AI and LLM...
AnythingLLM Security Vulnerability
AnythingLLM is a document chatbot that meets business requirements. A security vulnerability exists in AnythingLLM that stems from the application's failure to limit the size of usernames, which can lead to a denial of service DoS condition due to uncontrolled resource consumption...