Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3 matches found

CVE
CVEadded 2026/03/13 9:22 p.m.2 views

CVE-2026-32715

CVE-2026-32715 | AnythingLLM in versions up to 1.11.1 has a privilege bypass where two generic system-preferences endpoints expose manager-level access, bypassing admin-only restrictions. This allows a manager to read plaintext SQL database credentials and overwrite admin-only global settings (e....

3.8CVSS5.8AI score0.00047EPSS
Exploits1References2Affected Software1
OSV
OSVadded 2026/03/13 9:22 p.m.2 views

CVE-2026-32715 AnythingLLM Manager Privilege Bypass Allows Access to Admin-Only System Preferences

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, The two generic system-preferences endpoints allow manager role access, while every other surface that touches the same settings is restricted to admi...

3.8CVSS5.8AI score0.00047EPSS
Exploits1References4
Positive Technologies
Positive Technologiesadded 2026/03/13 12:0 a.m.1 views

PT-2026-25396

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, The two generic system-preferences endpoints allow manager role access, while every other surface that touches the same settings is restricted to admi...

3.8CVSS5.8AI score0.00047EPSS
Exploits1References7
Rows per page
Query Builder