Lucene search
K

198 matches found

Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.10 views

PT-2026-44545

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the AnythingLLM agent filesystem copy tool validates only the top-level source and destination paths. The recursive copy helper then descends into child...

2CVSS5.8AI score0.00193EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.12 views

PT-2026-44552

Name of the Vulnerable Software and Affected Versions AnythingLLM versions prior to 1.13.0 Description The filesystem-search-files agent skill passes an LLM-controlled pattern parameter to ripgrep as a positional argument without a -- end-of-options separator. Because ripgrep parses any argument...

8.8CVSS6.1AI score0.00366EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.13 views

AnythingLLM 后置链接漏洞

AnythingLLM is an integrated AI application developed by Mintplex. Versions of AnythingLLM prior to 1.13.0 contained a post-link vulnerability. This vulnerability stemmed from the file system replication tool only verifying the top-level source and target paths. The recursive replication assistan...

2.5CVSS5.8AI score0.00193EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

AnythingLLM 安全漏洞

AnythingLLM is an integrated AI application open source by Mintplex. Versions of AnythingLLM prior to 1.13.0 contained a security vulnerability. This vulnerability stemmed from mobile device tokens created in single-user mode being accepted after migration to multi-user mode, without any user...

2CVSS5.8AI score0.00219EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/05/11 8:26 p.m.10 views

CVE-2026-42456

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, GET /api/workspace/:slug/tts/:chatId in AnythingLLM returns the text-to-speech audio for another user's chat response within the same workspace...

4.3CVSS5.7AI score0.00301EPSS
Exploits1References1
NVD
NVD
added 2026/05/08 11:16 p.m.35 views

CVE-2026-42456

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, GET /api/workspace/:slug/tts/:chatId in AnythingLLM returns the text-to-speech audio for another user's chat response within the same workspace...

4.3CVSS0.00301EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/05/08 11:1 p.m.50 views

CVE-2026-42456 AnythingLLM: Cross-User TTS Audio Disclosure via Chat ID (IDOR)

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, GET /api/workspace/:slug/tts/:chatId in AnythingLLM returns the text-to-speech audio for another user's chat response within the same workspace...

4.3CVSS0.00301EPSS
Exploits1References3
EUVD
EUVD
added 2026/05/08 11:1 p.m.13 views

EUVD-2026-28865

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, GET /api/workspace/:slug/tts/:chatId in AnythingLLM returns the text-to-speech audio for another user's chat response within the same workspace...

4.3CVSS5.7AI score0.00301EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/05/08 11:1 p.m.12 views

CVE-2026-42456

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, GET /api/workspace/:slug/tts/:chatId in AnythingLLM returns the text-to-speech audio for another user's chat response within the same workspace...

4.3CVSS5.7AI score0.00301EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.8 views

AnythingLLM 信息泄露漏洞

AnythingLLM is an integrated AI application developed by Mintplex. Versions of AnythingLLM prior to 1.12.1 contained a vulnerability related to information leakage. This vulnerability stemmed from the GET /api/workspace/:slug/tts/:chatId route, which verified workspace membership but did not...

4.3CVSS5.8AI score0.00301EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.17 views

PT-2026-39221

Name of the Vulnerable Software and Affected Versions AnythingLLM versions prior to 1.12.1 Description An insecure direct object reference IDOR exists in the text-to-speech endpoint. The endpoint "/api/workspace/:slug/tts/:chatId" validates workspace membership but fails to enforce ownership of t...

4.3CVSS5.8AI score0.00301EPSS
Exploits1References8
NVD
NVD
added 2026/04/24 4:16 a.m.8 views

CVE-2026-41318

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, AnythingLLM's in-chat markdown renderer has an unsafe custom rule for images that interpolates the markdown image's alt text into an HTML alt="..."...

5.4CVSS0.00195EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/24 2:57 a.m.6 views

CVE-2026-41318

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, AnythingLLM's in-chat markdown renderer has an unsafe custom rule for images that interpolates the markdown image's alt text into an HTML alt="..."...

5.4CVSS5.7AI score0.00195EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/04/24 2:57 a.m.34 views

CVE-2026-41318 AnythingLLM vulnerable to stored DOM XSS in chart caption renderer - LLM-driven prompt injection produces executable HTML via unsanitized renderMarkdown(content.caption) in Chartable component

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, AnythingLLM's in-chat markdown renderer has an unsafe custom rule for images that interpolates the markdown image's alt text into an HTML alt="..."...

5.4CVSS0.00195EPSS
Exploits1References2
CVE
CVE
added 2026/04/24 2:57 a.m.24 views

CVE-2026-41318

AnythingLLM prior to v1.12.1 is vulnerable to stored DOM-based XSS via an unsafe image rendering rule and unsanitized chart captions in the Chartable component. The vulnerability arises because renderMarkdown(...) output is sanitized in all call sites except Chartable, where LLM-generated caption...

5.4CVSS5.7AI score0.00195EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.10 views

AnythingLLM 跨站脚本漏洞

AnythingLLM is an integrated AI application developed by Mintplex. Versions of AnythingLLM prior to 1.12.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the markdown renderer in the chart component not encoding the alt text as HTML, which could lead to storage-ty...

5.4CVSS5.6AI score0.00195EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2026/04/01 12:0 a.m.52 views

VulnCheck KEV: CVE-2026-24477

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticate...

8.7CVSS5.8AI score0.01566EPSS
In wildExploits1References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:17 p.m.4 views

CVE-2026-32715

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, The two generic system-preferences endpoints allow manager role access, while every other surface that touches the same settings is restricted to admi...

3.8CVSS5.9AI score0.00198EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:10 p.m.4 views

CVE-2026-32719

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, The ImportedPlugin.importCommunityItemFromUrl function in server/utils/agents/imported.js downloads a ZIP file from a community hub URL and extracts i...

6.4CVSS6AI score0.00388EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.4 views

CVE-2026-32628

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Agent plugin allows any user who can invoke the agent to execute arbitrary SQL commands on connected...

8.8CVSS6.2AI score0.00299EPSS
Exploits1References1
Rows per page
Query Builder