73 matches found

CVE
added 2025/03/20 10:11 a.m. | 51 views

CVE-2024-8196

CVE-2024-8196 affects mintplex-labs/anything-llm v1.5.11 desktop for Windows. The app opens server port 3001 on 0.0.0.0 with no authentication by default, enabling an attacker to gain full backend access and potentially delete all data from the workspace. Connected sources reiterate the same beha...

9.8 CVSS | 9.7 AI score | 0.0078 EPSS
Exploits 1 | References 2 | Affected Software 1

Cvelist
added 2025/03/20 10:9 a.m. | 8 views

CVE-2024-8249 Unauthenticated Denial of Service (DoS) in mintplex-labs/anything-llm

mintplex-labs/anything-llm version git 6dc3642 contains an unauthenticated Denial of Service (DoS) vulnerability in the API for the embeddable chat functionality. An attacker can exploit this vulnerability by sending a malformed JSON payload to the API endpoint, causing a server crash due to an...

7.5 CVSS | 0.0064 EPSS
Exploits 1 | References 2

Cvelist
added 2025/03/20 10:9 a.m. | 8 views

CVE-2024-10109 Incorrect Authorization in mintplex-labs/anything-llm

A vulnerability in the mintplex-labs/anything-llm repository, as of commit 5c40419, allows low privilege users to access the sensitive API endpoint "/api/system/custom-models". This access enables them to modify the model's API key and base path, leading to potential API key leakage and denial of...

8.3 CVSS | 0.00488 EPSS
Exploits 1 | References 2

CVE
added 2025/03/20 10:9 a.m. | 48 views

CVE-2024-10109

CVE-2024-10109 affects the mintplex-labs/anything-llm repository (commit 5c40419). Affected component: API endpoint /api/system/custom-models, exposed to low-privilege users. Root cause described as insufficient authorization allowing access to a sensitive endpoint, enabling modification of the m...

8.3 CVSS | 8.1 AI score | 0.00488 EPSS
Exploits 1 | References 2 | Affected Software 1

RedhatCVE
added 2025/02/12 7:26 p.m. | 7 views

CVE-2024-13059

A vulnerability in mintplex-labs/anything-llm prior to version 1.3.1 allows for path traversal due to improper handling of non-ASCII filenames in the multer library. This vulnerability can lead to arbitrary file write, which can subsequently result in remote code execution. The issue arises when...

7.2 CVSS | 7.8 AI score | 0.19777 EPSS
Exploits 1 | References 1

Cvelist
added 2024/10/29 12:49 p.m. | 26 views

CVE-2024-7783 Improper Storage of Sensitive Information in Bearer Token in mintplex-labs/anything-llm

mintplex-labs/anything-llm version latest contains a vulnerability where sensitive information, specifically a password, is improperly stored within a JWT (JSON Web Token) used as a bearer token in single user mode. When decoded, the JWT reveals the password in plaintext. This improper storage of...

5.9 CVSS | 0.00335 EPSS
Exploits 1 | References 2

NVD
added 2024/08/12 1:38 p.m. | 20 views

CVE-2024-3279

An improper access control vulnerability exists in the mintplex-labs/anything-llm application, specifically within the import endpoint. This vulnerability allows an anonymous attacker, without an account in the application, to import their own database file, leading to the deletion or spoofing of...

9.1 CVSS | 0.00648 EPSS
Exploits 1 | References 2

Vulnrichment
added 2024/08/09 12:0 a.m. | 14 views

CVE-2024-3279 Improper Access Control in mintplex-labs/anything-llm

An improper access control vulnerability exists in the mintplex-labs/anything-llm application, specifically within the import endpoint. This vulnerability allows an anonymous attacker, without an account in the application, to import their own database file, leading to the deletion or spoofing of...

9.1 CVSS | 6.7 AI score | 0.00648 EPSS
Exploits 1 | References 2

CVE
added 2024/08/09 12:0 a.m. | 59 views

CVE-2024-3279

The CVE concerns mintplex-labs/anything-llm, specifically the import endpoint. An improper access control flaw allegedly allows anonymous, unauthenticated users to import their own database file, potentially deleting or spoofing the existing anythingllm.db and enabling serving malicious data or c...

9.1 CVSS | 9 AI score | 0.00648 EPSS
Exploits 1 | References 2 | Affected Software 1

Cvelist
added 2024/08/09 12:0 a.m. | 24 views

CVE-2024-3279 Improper Access Control in mintplex-labs/anything-llm

An improper access control vulnerability exists in the mintplex-labs/anything-llm application, specifically within the import endpoint. This vulnerability allows an anonymous attacker, without an account in the application, to import their own database file, leading to the deletion or spoofing of...

9.1 CVSS | 0.00648 EPSS
Exploits 1 | References 2

CVE
added 2024/06/25 10:29 a.m. | 54 views

CVE-2024-5216

CVE-2024-5216 affects mintplex-labs/anything-llm. The root cause is the application not limiting the size of usernames, enabling a denial of service (DoS) via extremely large username values. Resulting impact is an unresponsive user management panel, preventing admins from editing, suspendi...

7.5 CVSS | 7.5 AI score | 0.00585 EPSS
Exploits 1 | References 2 | Affected Software 1

Vulnrichment
added 2024/06/25 10:29 a.m. | 20 views

CVE-2024-5216 Denial of Service in mintplex-labs/anything-llm

A vulnerability in mintplex-labs/anything-llm allows for a Denial of Service (DoS) condition due to uncontrolled resource consumption. Specifically, the issue arises from the application's failure to limit the size of usernames, enabling attackers to create users with excessively bulky texts in the...

7.5 CVSS | 7 AI score | 0.00585 EPSS
Exploits 1 | References 2

Cvelist
added 2024/06/25 10:29 a.m. | 26 views

CVE-2024-5216 Denial of Service in mintplex-labs/anything-llm

A vulnerability in mintplex-labs/anything-llm allows for a Denial of Service (DoS) condition due to uncontrolled resource consumption. Specifically, the issue arises from the application's failure to limit the size of usernames, enabling attackers to create users with excessively bulky texts in the...

7.5 CVSS | 0.00585 EPSS
Exploits 1 | References 2

OSV
added 2024/06/19 6:15 a.m. | 20 views

CVE-2024-5208

An uncontrolled resource consumption vulnerability exists in the upload-link endpoint of mintplex-labs/anything-llm. This vulnerability allows attackers to cause a denial of service (DOS) by shutting down the server through sending invalid upload requests. Specifically, the server can be made to sh...

6.5 CVSS | 6.9 AI score
Exploits 0 | References 2

NVD
added 2024/06/19 6:15 a.m. | 34 views

CVE-2024-5208

An uncontrolled resource consumption vulnerability exists in the upload-link endpoint of mintplex-labs/anything-llm. This vulnerability allows attackers to cause a denial of service (DOS) by shutting down the server through sending invalid upload requests. Specifically, the server can be made to sh...

6.5 CVSS | 0.00618 EPSS
Exploits 1 | References 2

Cvelist
added 2024/06/19 6:13 a.m. | 46 views

CVE-2024-5208 Uncontrolled Resource Consumption in mintplex-labs/anything-llm

An uncontrolled resource consumption vulnerability exists in the upload-link endpoint of mintplex-labs/anything-llm. This vulnerability allows attackers to cause a denial of service (DOS) by shutting down the server through sending invalid upload requests. Specifically, the server can be made to sh...

6.5 CVSS | 0.00618 EPSS
Exploits 1 | References 2

Vulnrichment
added 2024/06/19 6:13 a.m. | 15 views

CVE-2024-5208 Uncontrolled Resource Consumption in mintplex-labs/anything-llm

An uncontrolled resource consumption vulnerability exists in the upload-link endpoint of mintplex-labs/anything-llm. This vulnerability allows attackers to cause a denial of service (DOS) by shutting down the server through sending invalid upload requests. Specifically, the server can be made to sh...

6.5 CVSS | 7.2 AI score | 0.00618 EPSS
Exploits 1 | References 2

OSV
added 2024/06/06 7:16 p.m. | 17 views

CVE-2024-3153

mintplex-labs/anything-llm is affected by an uncontrolled resource consumption vulnerability in its upload file endpoint, leading to a denial of service (DOS) condition. Specifically, the server can be shut down by sending an invalid upload request. An attacker with the ability to upload documents...

6.5 CVSS | 6.7 AI score
Exploits 0 | References 2

OSV
added 2024/06/06 7:16 p.m. | 16 views

CVE-2024-3150

In mintplex-labs/anything-llm, a vulnerability exists in the thread update process that allows users with Default or Manager roles to escalate their privileges to Administrator. The issue arises from improper input validation when handling HTTP POST requests to the endpoint...

8.8 CVSS | 7.1 AI score
Exploits 0 | References 2

OSV
added 2024/06/06 7:16 p.m. | 15 views

CVE-2024-3149

A Server-Side Request Forgery (SSRF) vulnerability exists in the upload link feature of mintplex-labs/anything-llm. This feature, intended for users with manager or admin roles, processes uploaded links through an internal Collector API using a headless browser. An attacker can exploit this by...

8.8 CVSS | 6.9 AI score
Exploits 0 | References 2