CVE-2024-0759
CVE-2024-0759 involves AnythingLLM enabling an attacker with internal-network access and manager/admin privileges to link-scrape IPs of other services on the same network. The root cause is exposure via a link collector that can be used without authentication, allowing internal IP discovery throu...