4 matches found
CVE-2026-5627 Path Traversal in mintplex-labs/anything-llm
A path traversal vulnerability exists in mintplex-labs/anything-llm versions up to and including 1.9.1, within the AgentFlows component. The vulnerability arises from improper handling of user input in the loadFlow and deleteFlow methods in server/utils/agentFlows/index.js. Specifically, the...
CVE-2023-4899
SQL Injection in GitHub repository mintplex-labs/anything-llm prior to 0.0.1...
CVE-2024-3102
A JSON Injection vulnerability exists in the mintplex-labs/anything-llm application, specifically within the username parameter during the login process at the /api/request-token endpoint. The vulnerability arises from improper handling of values, allowing attackers to perform brute force attacks...
AnythingLLM Input Validation Error Vulnerability
AnythingLLM is a business-compliant document chatbot. An input validation error vulnerability exists in versions of AnythingLLM prior to 0.1.0 that stems from incorrect input validation...