Lucene search
K

198 matches found

CNNVD
CNNVD
added 2024/02/26 12:0 a.m.3 views

AnythingLLM Security Vulnerability

AnythingLLM is a document chatbot that meets business requirements. AnythingLLM has a security vulnerability that stems from insufficient password checking...

7.1CVSS7AI score0.0048EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/02/26 12:0 a.m.6 views

PT-2024-15799 · Unknown · Anything-Llm

Name of the Vulnerable Software and Affected Versions: AnythingLLM affected versions not specified Description: If an instance of AnythingLLM is hosted on an internal network and the attacker is granted a permission level of manager or admin, they could link-scrape internally to resolve IPs of...

7.7CVSS6.7AI score0.00974EPSS
Exploits1References7
CNNVD
CNNVD
added 2024/02/26 12:0 a.m.3 views

AnythingLLM Code Issue Vulnerability

AnythingLLM is a document chatbot that meets business requirements. AnythingLLM has a code issue vulnerability that stems from the presence of a server-side request forgery vulnerability. The vulnerability can be exploited to obtain AWS server data...

9.9CVSS7.1AI score0.00813EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/02/26 12:0 a.m.5 views

AnythingLLM Security Vulnerability

AnythingLLM is a business-compliant document chatbot. A security vulnerability exists in AnythingLLM that originates from a user with default privileges being able to delete documents uploaded by an administrator through certain actions...

8.1CVSS6.7AI score0.00571EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/02/26 12:0 a.m.5 views

AnythingLLM Cross-Site Scripting Vulnerability

AnythingLLM is a document chatbot that meets business requirements. AnythingLLM suffers from a cross-site scripting vulnerability that originates from injecting cross-site scripting into the chat box...

8.1CVSS6.2AI score0.00473EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/02/26 12:0 a.m.4 views

AnythingLLM Security Vulnerability

AnythingLLM is a business-compliant document chatbot. AnythingLLM has a security vulnerability that stems from the lack of any validation and is capable of including malicious links into submitted document links in the workspace...

9.6CVSS6.8AI score0.00636EPSS
Exploits1References3
CVE
CVE
added 2024/02/25 8:10 a.m.125 views

CVE-2024-0455

CVE-2024-0455 concerns AnythingLLM where a web scraper can trigger a server-side request to the AWS EC2 metadata URL 169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance. If accessed by a user with manager/admin permissions (and in single-user mode) from wit...

9.9CVSS9.4AI score0.00813EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2024/01/19 1:15 a.m.31 views

CVE-2024-22422

AnythingLLM is an application that turns any document, resource, or piece of content into context that any LLM can use as references during chatting. In versions prior to commit 08d33cfd8 an unauthenticated API route file export can allow attacker to crash the server resulting in a denial of...

7.5CVSS7.6AI score0.01045EPSS
Exploits1References2
Prion
Prion
added 2024/01/19 1:15 a.m.17 views

Directory traversal

AnythingLLM is an application that turns any document, resource, or piece of content into context that any LLM can use as references during chatting. In versions prior to commit 08d33cfd8 an unauthenticated API route file export can allow attacker to crash the server resulting in a denial of...

5CVSS7.3AI score0.01045EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2024/01/19 12:18 a.m.76 views

CVE-2024-22422

CVE-2024-22422 affects AnythingLLM. The vulnerability is in the public, unauthenticated data-export API route that uses the filename parameter to export files. A crafted input can bypass directory-filtering and crash the server when the export is deleted, yielding an unauthenticated Denial of Ser...

7.5CVSS7.5AI score0.01045EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2024/01/19 12:18 a.m.34 views

CVE-2024-22422 Unauthenticated Denial of Service (DOS) attack in AnythingLLM

AnythingLLM is an application that turns any document, resource, or piece of content into context that any LLM can use as references during chatting. In versions prior to commit 08d33cfd8 an unauthenticated API route file export can allow attacker to crash the server resulting in a denial of...

7.5CVSS7.8AI score0.01045EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/01/19 12:18 a.m.16 views

CVE-2024-22422 Unauthenticated Denial of Service (DOS) attack in AnythingLLM

AnythingLLM is an application that turns any document, resource, or piece of content into context that any LLM can use as references during chatting. In versions prior to commit 08d33cfd8 an unauthenticated API route file export can allow attacker to crash the server resulting in a denial of...

7.5CVSS7.2AI score0.01045EPSS
Exploits1References2
OSV
OSV
added 2024/01/19 12:18 a.m.25 views

CVE-2024-22422 Unauthenticated Denial of Service (DOS) attack in AnythingLLM

AnythingLLM is an application that turns any document, resource, or piece of content into context that any LLM can use as references during chatting. In versions prior to commit 08d33cfd8 an unauthenticated API route file export can allow attacker to crash the server resulting in a denial of...

7.5CVSS7.4AI score0.01045EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/01/19 12:0 a.m.6 views

AnythingLLM Code Issue Vulnerability

AnythingLLM is a document chatbot that meets business requirements. A code issue vulnerability exists in AnythingLLM. An attacker exploited the vulnerability to cause a server crash, resulting in a denial of service...

7.5CVSS6.9AI score0.01045EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/10/30 12:0 a.m.3 views

AnythingLLM Access Control Error Vulnerability

AnythingLLM is a document chatbot that meets business requirements. An Access Control Error vulnerability exists in versions prior to AnythingLLM 0.1.0 that stems from incorrect access control...

8.8CVSS6.7AI score0.00633EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/09/11 12:0 a.m.14 views

AnythingLLM Security Vulnerability

AnythingLLM is a business-compliant document chatbot. A security vulnerability exists in versions of AnythingLLM prior to 0.0.1 that stems from the presence of relative path traversal...

9.8CVSS6.7AI score0.00752EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/09/11 12:0 a.m.8 views

AnythingLLM Security Vulnerability

AnythingLLM is a business-compliant document chatbot. A security vulnerability exists in versions of AnythingLLM prior to 0.0.1 that stems from the presence of an authentication bypass...

8.2CVSS6.9AI score0.00585EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/09/11 12:0 a.m.5 views

AnythingLLM SQL Injection Vulnerability

AnythingLLM is a document chatbot that meets business requirements. AnythingLLM versions prior to 0.0.1 suffer from a SQL injection vulnerability that stems from susceptibility to SQL injection attacks...

8.8CVSS7.9AI score0.00649EPSS
Exploits1References4
Rows per page
Query Builder