Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

192 matches found

RedhatCVE
RedhatCVEadded yesterday3 views

CVE-2026-45403

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the AnythingLLM agent filesystem copy tool validates only the top-level source and destination paths. The recursive copy helper then descends into child...

2.5CVSS5.4AI score0.00018EPSS
Exploits1References1
NVD
NVDadded 2026/05/28 10:17 p.m.8 views

CVE-2026-48116

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the filesystem-search-files agent skill passes its LLM-controlled pattern parameter to ripgrep as a positional argument without a -- end-of-options separato...

8.8CVSS0.00058EPSS
Exploits1References2
NVD
NVDadded 2026/05/28 10:17 p.m.7 views

CVE-2026-45403

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the AnythingLLM agent filesystem copy tool validates only the top-level source and destination paths. The recursive copy helper then descends into child...

2.5CVSS0.00018EPSS
Exploits1References2
CVE
CVEadded 2026/05/28 9:20 p.m.30 views

CVE-2026-47713

Summary of CVE-2026-47713 : AnythingLLM prior to version 1.13.0 allowed a mobile device token created in single-user mode to survive the migration to multi-user mode without an attached user. In multi-user mode, the mobile authentication middleware accepted this token, causing downstream handlers...

4.3CVSS5.8AI score0.00033EPSS
Exploits1References2Affected Software1
Cvelist
Cvelistadded 2026/05/28 9:20 p.m.26 views

CVE-2026-47713 AnythingLLM: Legacy mobile device tokens bypass multi-user workspace scoping after mode migration

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, an approved mobile device token created in single-user mode can survive single-user - multi-user migration even when the device record has userId = null. In...

2CVSS0.00033EPSS
Exploits1References2
Cvelist
Cvelistadded 2026/05/28 9:19 p.m.28 views

CVE-2026-48116 AnythingLLM: RCE via ripgrep --pre argument injection in filesystem-search-files agent skill

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the filesystem-search-files agent skill passes its LLM-controlled pattern parameter to ripgrep as a positional argument without a -- end-of-options separato...

7.5CVSS0.00058EPSS
Exploits1References2
CVE
CVEadded 2026/05/28 9:19 p.m.23 views

CVE-2026-48116

AnythingLLM CVE-2026-48116: Prior to 1.13.0, the filesystem-search-files agent passes a user-controlled pattern to ripgrep as a positional argument without a -- end-of-options separator. ripgrep interprets arguments starting with - as options, so a pattern like --pre=/bin/sh can execute /bin/sh f...

8.8CVSS6AI score0.00058EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/28 9:19 p.m.7 views

CVE-2026-48116 AnythingLLM: RCE via ripgrep --pre argument injection in filesystem-search-files agent skill

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the filesystem-search-files agent skill passes its LLM-controlled pattern parameter to ripgrep as a positional argument without a -- end-of-options separato...

7.5CVSS6AI score0.00058EPSS
Exploits1References2
EUVD
EUVDadded 2026/05/28 9:19 p.m.6 views

EUVD-2026-33068

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the filesystem-search-files agent skill passes its LLM-controlled pattern parameter to ripgrep as a positional argument without a -- end-of-options separato...

7.5CVSS6AI score0.00058EPSS
Exploits1References2
Cvelist
Cvelistadded 2026/05/28 9:18 p.m.28 views

CVE-2026-45403 AnythingLLM: filesystem-copy-file follows nested symlinks and copies files from outside the allowed directory

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the AnythingLLM agent filesystem copy tool validates only the top-level source and destination paths. The recursive copy helper then descends into child...

2CVSS0.00018EPSS
Exploits1References2
ATTACKERKB
ATTACKERKBadded 2026/05/28 9:18 p.m.9 views

CVE-2026-45403

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the AnythingLLM agent filesystem copy tool validates only the top-level source and destination paths. The recursive copy helper then descends into child...

5.8AI score0.00018EPSS
Exploits1References3Affected Software1
EUVD
EUVDadded 2026/05/28 9:18 p.m.8 views

EUVD-2026-33067

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the AnythingLLM agent filesystem copy tool validates only the top-level source and destination paths. The recursive copy helper then descends into child...

2CVSS5.8AI score0.00018EPSS
Exploits1References2
CVE
CVEadded 2026/05/28 9:18 p.m.20 views

CVE-2026-45403

Summary of CVE-2026-45403 : AnythingLLM’s agent filesystem copy tool (prior to v1.13.0) validates only the top-level source/destination. The recursive copy helper traverses child entries with fs.stat() and copies via fs.copyFile() without validating each child or rejecting symlinks. A symlink ins...

2.5CVSS5.8AI score0.00018EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/28 9:18 p.m.7 views

CVE-2026-45403 AnythingLLM: filesystem-copy-file follows nested symlinks and copies files from outside the allowed directory

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the AnythingLLM agent filesystem copy tool validates only the top-level source and destination paths. The recursive copy helper then descends into child...

2CVSS5.8AI score0.00018EPSS
Exploits1References2
Positive Technologies
Positive Technologiesadded 2026/05/28 12:0 a.m.5 views

PT-2026-44552

Name of the Vulnerable Software and Affected Versions AnythingLLM versions prior to 1.13.0 Description The filesystem-search-files agent skill passes an LLM-controlled pattern parameter to ripgrep as a positional argument without a -- end-of-options separator. Because ripgrep parses any argument...

8.8CVSS6.1AI score0.00058EPSS
Exploits1References4
CNNVD
CNNVDadded 2026/05/28 12:0 a.m.6 views

AnythingLLM 参数注入漏洞

AnythingLLM is an integrated AI application open source by Mintplex. Versions of AnythingLLM prior to 1.13.0 had a parameter injection vulnerability. This vulnerability stemmed from the filesystem-search-files proxy skill directly passing mode parameters controlled by the LLM as position paramete...

8.8CVSS6.1AI score0.00058EPSS
Exploits1References3
CNNVD
CNNVDadded 2026/05/28 12:0 a.m.8 views

AnythingLLM 后置链接漏洞

AnythingLLM is an integrated AI application developed by Mintplex. Versions of AnythingLLM prior to 1.13.0 contained a post-link vulnerability. This vulnerability stemmed from the file system replication tool only verifying the top-level source and target paths. The recursive replication assistan...

2.5CVSS5.8AI score0.00018EPSS
Exploits1References2
Positive Technologies
Positive Technologiesadded 2026/05/28 12:0 a.m.6 views

PT-2026-44545

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the AnythingLLM agent filesystem copy tool validates only the top-level source and destination paths. The recursive copy helper then descends into child...

2CVSS5.8AI score0.00018EPSS
Exploits1References3
CNNVD
CNNVDadded 2026/05/28 12:0 a.m.5 views

AnythingLLM 安全漏洞

AnythingLLM is an integrated AI application open source by Mintplex. Versions of AnythingLLM prior to 1.13.0 contained a security vulnerability. This vulnerability stemmed from mobile device tokens created in single-user mode being accepted after migration to multi-user mode, without any user...

2CVSS5.8AI score0.00033EPSS
Exploits1References2
RedhatCVE
RedhatCVEadded 2026/05/11 8:26 p.m.5 views

CVE-2026-42456

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, GET /api/workspace/:slug/tts/:chatId in AnythingLLM returns the text-to-speech audio for another user's chat response within the same workspace...

4.3CVSS5.7AI score0.0001EPSS
Exploits1References1
Rows per page
Query Builder