6 matches found
EUVD-2026-19637
A path traversal vulnerability exists in mintplex-labs/anything-llm versions up to and including 1.9.1, within the AgentFlows component. The vulnerability arises from improper handling of user input in the loadFlow and deleteFlow methods in server/utils/agentFlows/index.js. Specifically, the...
CVE-2026-5627 Path Traversal in mintplex-labs/anything-llm
A path traversal vulnerability exists in mintplex-labs/anything-llm versions up to and including 1.9.1, within the AgentFlows component. The vulnerability arises from improper handling of user input in the loadFlow and deleteFlow methods in server/utils/agentFlows/index.js. Specifically, the...
CVE-2026-5627 Path Traversal in mintplex-labs/anything-llm
A path traversal vulnerability exists in mintplex-labs/anything-llm versions up to and including 1.9.1, within the AgentFlows component. The vulnerability arises from improper handling of user input in the loadFlow and deleteFlow methods in server/utils/agentFlows/index.js. Specifically, the...
CVE-2026-5627
The CVE-2026-5627 issue affects mintplex-labs/anything-llm up to version 1.9.1, specifically in the AgentFlows component. The vulnerability stems from improper handling of user input in loadFlow and deleteFlow (server/utils/agentFlows/index.js), where path.join combined with normalizePath can byp...
Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check
Vulnerability IDOR in GET/PATCH/DELETE /api/v1/flow/flowid The readflow helper in src/backend/base/langflow/api/v1/flows.py branched on the AUTOLOGIN setting to decide whether to filter by userid. When AUTOLOGIN was False i.e., authentication was enabled, neither branch enforced an ownership chec...
EUVD-2021-24817
Malware in sbrugna...