8 matches found

Snyk
added 2026/05/29 10:9 p.m., 9 views

Malicious Package

Overview: @rsi-community/hub-schema is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

CVSS: 9.8, AI score: 5.8
Exploits: 0, References: 2

OSSF Malicious Packages
added 2026/05/09 9:5 p.m., 7 views

Malicious code in @rsi-community/hub-schema (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2d578b50b6334d8e8034b40a4820513fe79475d3466f3cc9c1bc71a619fc3b0a The package @rsi-community/hub-schema was found to contain malicious code. Source: ghsa-malware...

AI score: 5.8
Exploits: 0, References: 1

Vulnrichment
added 2026/03/13 9:25 p.m., 4 views

CVE-2026-32719 AnythingLLM has a Zip Slip Path Traversal and Code Execution via Community Hub Plugin Import

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, the ImportedPlugin.importCommunityItemFromUrl function in server/utils/agents/imported.js downloads a ZIP file from a community hub URL and extracts i...

CVSS: 4.2, AI score: 6, EPSS: 0.00388
Exploits: 1, References: 2

CVE
added 2026/03/13 9:25 p.m., 21 views

CVE-2026-32719

AnythingLLM (versions

CVSS: 6.4, AI score: 6, EPSS: 0.00388
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2026/03/13 9:22 p.m., 28 views

CVE-2026-32715 AnythingLLM Manager Privilege Bypass Allows Access to Admin-Only System Preferences

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, the two generic system-preferences endpoints allow manager role access, while every other surface that touches the same settings is restricted to admi...

CVSS: 3.8, EPSS: 0.00198
Exploits: 1, References: 2

Vulnrichment
added 2026/03/13 9:22 p.m., 0 views

CVE-2026-32715 AnythingLLM Manager Privilege Bypass Allows Access to Admin-Only System Preferences

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, the two generic system-preferences endpoints allow manager role access, while every other surface that touches the same settings is restricted to admi...

CVSS: 3.8, AI score: 5.8, EPSS: 0.00198
Exploits: 1, References: 2

Positive Technologies
added 2026/03/13 12:0 a.m., 4 views

PT-2026-25396

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, the two generic system-preferences endpoints allow manager role access, while every other surface that touches the same settings is restricted to admi...

CVSS: 3.8, AI score: 5.8, EPSS: 0.00198
Exploits: 1, References: 7

Hacker One
added 2018/05/13 11:5 a.m., 12 views

Valve: resetreportedcount & updatetags doesn't verify appid param

This requires an account that has admin permissions on any community hub & Fiddler not 100% required, but I'll use it for the demonstration. resetreportedcount: Step 1: Go to any UGC in the hub you have admin access on, open Fiddler if you haven't yet, click Clear Reports and click OK on the...

AI score: 0.4
Exploits: 0