EUVD-2024-31633

Malicious code in bioql PyPI...

CVE-2024-3025

mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality. Attackers can exploit this vulnerability by manipulating the logo filename to reference files outside of the restricted directory. This can...

CVE-2024-3025 Path Traversal in mintplex-labs/anything-llm

mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality. Attackers can exploit this vulnerability by manipulating the logo filename to reference files outside of the restricted directory. This can...

CVE-2024-3025

The CVE-2024-3025 entry affects mintplex-labs/anything-llm, where the logo filename handling allows path traversal due to insufficient input validation. Attackers can reference files outside the restricted directory via the logo upload endpoint, exposing the application’s database and potentially...

PT-2024-23297 · Mintplex · Anything-Llm

Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm affected versions not specified Description: The issue is related to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality. Attackers can exploit this by...

AnythingLLM 安全漏洞

AnythingLLM is a document chatbot that meets business requirements. A security vulnerability exists in AnythingLLM that stems from insufficient validation of user-supplied input in the logo filename feature, which could lead to a path traversal attack...