
4 matches found

NVD
added 2024/02/27 6:15 a.m., 9 views

CVE-2024-0759

Should an instance of AnythingLLM be hosted on an internal network and the attacker be explicitly granted a permission level of manager or admin, they could link-scrape internally resolving IPs of other services that are on the same network as AnythingLLM. This would require the attacker also be...

CVSS: 7.7 | AI score: 7.6 | EPSS: 0.00408
Exploits: 1 | References: 2
Prion
added 2024/02/27 6:15 a.m., 17 views

Authentication flaw

Should an instance of AnythingLLM be hosted on an internal network and the attacker be explicitly granted a permission level of manager or admin, they could link-scrape internally resolving IPs of other services that are on the same network as AnythingLLM. This would require the attacker also be...

CVSS: 4 | AI score: 7.3 | EPSS: 0.00408
Exploits: 1 | References: 2
Vulnrichment
added 2024/02/27 5:12 a.m., 12 views

CVE-2024-0759 Collection of internally resolving IPs

Should an instance of AnythingLLM be hosted on an internal network and the attacker be explicitly granted a permission level of manager or admin, they could link-scrape internally resolving IPs of other services that are on the same network as AnythingLLM. This would require the attacker also be...

CVSS: 7.7 | AI score: 6.9 | EPSS: 0.00408
Exploits: 1 | References: 2
CVE
added 2024/02/27 5:12 a.m., 130 views

CVE-2024-0759

CVE-2024-0759 involves AnythingLLM enabling an attacker with internal-network access and manager/admin privileges to link-scrape IPs of other services on the same network. The root cause is exposure via a link collector that can be used without authentication, allowing internal IP discovery throu...

CVSS: 7.7 | AI score: 7.6 | EPSS: 0.00408
Exploits: 1 | References: 2 | Affected Software: 1