165 matches found

Cvelist
added 2024/04/10 5:7 p.m. · 26 views

CVE-2024-3283 Privilege Escalation via Mass Assignment in mintplex-labs/anything-llm

A vulnerability in mintplex-labs/anything-llm allows users with manager roles to escalate their privileges to admin roles through a mass assignment issue. The '/admin/system-preferences' API endpoint improperly authorizes manager-level users to modify the 'multiusermode' system variable, enabling...

CVSS 7.2 · AI score 7.2 · EPSS 0.0095
Exploits: 1 · References: 2

CVE
added 2024/04/10 5:7 p.m. · 83 views

CVE-2024-3569

The CVE-2024-3569 entry concerns the mintplex-labs/anything-llm repository, where running in 'just me' mode with a password enables a DoS via the validatedRequest middleware when an attacker sends a crafted Authorization header. Public documents describe uncontrolled resource consumption leading ...

CVSS 7.5 · AI score 7.4 · EPSS 0.00776
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2024/04/10 5:7 p.m. · 19 views

CVE-2024-3569 Denial of Service (DoS) Vulnerability in mintplex-labs/anything-llm

A Denial of Service (DoS) vulnerability exists in the mintplex-labs/anything-llm repository when the application is running in 'just me' mode with a password. An attacker can exploit this vulnerability by making a request to the endpoint using the validatedRequest middleware with a specially crafte...

CVSS 7.5 · AI score 7.6 · EPSS 0.00776
Exploits: 1 · References: 2

Vulnrichment
added 2024/04/10 5:7 p.m. · 15 views

CVE-2024-3569 Denial of Service (DoS) Vulnerability in mintplex-labs/anything-llm

A Denial of Service (DoS) vulnerability exists in the mintplex-labs/anything-llm repository when the application is running in 'just me' mode with a password. An attacker can exploit this vulnerability by making a request to the endpoint using the validatedRequest middleware with a specially crafte...

CVSS 7.5 · AI score 6.8 · EPSS 0.00776
Exploits: 1 · References: 2

Cvelist
added 2024/04/10 5:7 p.m. · 28 views

CVE-2024-3025 Path Traversal in mintplex-labs/anything-llm

mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality. Attackers can exploit this vulnerability by manipulating the logo filename to reference files outside of the restricted directory. This can...

CVSS 9.9 · AI score 9.6 · EPSS 0.01
Exploits: 1 · References: 2

Cvelist
added 2024/02/25 4:42 p.m. · 30 views

CVE-2024-0798 Privilege Escalation in mintplex-labs/anything-llm

A privilege escalation vulnerability exists in mintplex-labs/anything-llm, allowing users with 'default' role to delete documents uploaded by 'admin'. Despite the intended restriction that prevents 'default' role users from deleting admin-uploaded documents, an attacker can exploit this...

CVSS 8.1 · AI score 8.3 · EPSS 0.00571
Exploits: 1 · References: 2

Vulnrichment
added 2024/02/25 4:42 p.m. · 11 views

CVE-2024-0798 Privilege Escalation in mintplex-labs/anything-llm

A privilege escalation vulnerability exists in mintplex-labs/anything-llm, allowing users with 'default' role to delete documents uploaded by 'admin'. Despite the intended restriction that prevents 'default' role users from deleting admin-uploaded documents, an attacker can exploit this...

CVSS 8.1 · AI score 7 · EPSS 0.00571
Exploits: 1 · References: 2

NVD
added 2023/10/30 1:15 p.m. · 19 views

CVE-2023-5833

Improper Access Control in GitHub repository mintplex-labs/anything-llm prior to 0.1.0...

CVSS 8.8 · AI score 8.3 · EPSS 0.00633
Exploits: 1 · References: 2

NVD
added 2023/10/30 1:15 p.m. · 16 views

CVE-2023-5832

Improper Input Validation in GitHub repository mintplex-labs/anything-llm prior to 0.1.0...

CVSS 9.1 · AI score 9.4 · EPSS 0.0073
Exploits: 1 · References: 2

Prion
added 2023/10/30 1:15 p.m. · 18 views

Improper access control

Improper Access Control in GitHub repository mintplex-labs/anything-llm prior to 0.1.0...

CVSS 5.5 · AI score 8.7 · EPSS 0.00633
Exploits: 1 · References: 2 · Affected Software: 1

Vulnrichment
added 2023/10/30 12:24 p.m. · 11 views

CVE-2023-5833 Improper Access Control in mintplex-labs/anything-llm

Improper Access Control in GitHub repository mintplex-labs/anything-llm prior to 0.1.0...

CVSS 8.1 · AI score 6.8 · EPSS 0.00633
Exploits: 1 · References: 2

CVE
added 2023/10/30 12:24 p.m. · 67 views

CVE-2023-5833

The connected Huntr document provides concrete details for CVE-2023-5833: an improper access control flaw in mintplex-labs/anything-llm prior to 0.1.0 that allows overwriting backend environment variables via the /api/system/update-env endpoint. The vulnerability arises from how KEY_MAPPING expos...

CVSS 8.8 · AI score 8.2 · EPSS 0.00633
Exploits: 1 · References: 2 · Affected Software: 1

OSV
added 2023/10/30 12:24 p.m. · 21 views

CVE-2023-5833 Improper Access Control in mintplex-labs/anything-llm

Improper Access Control in GitHub repository mintplex-labs/anything-llm prior to 0.1.0...

CVSS 8.1 · AI score 8.2 · EPSS 0.00633
Exploits: 1 · References: 4

CVE
added 2023/10/30 12:24 p.m. · 53 views

CVE-2023-5832

CVE-2023-5832 affects mintplex-labs/anything-llm prior to 0.1.0. Root cause: improper input validation in the HTTP API that handles a filename parameter, enabling path traversal and, in some reports, arbitrary file deletion (PoC shows deletion of files like ../../server/storage/anythingllm.db). I...

CVSS 9.1 · AI score 9.4 · EPSS 0.0073
Exploits: 1 · References: 2 · Affected Software: 1

Positive Technologies
added 2023/10/30 12:0 a.m. · 7 views

PT-2023-32365 · Unknown · Anything-Llm

Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm versions prior to 0.1.0 Description: The issue is related to improper access control in the GitHub repository mintplex-labs/anything-llm. Recommendations: For versions prior to 0.1.0, update to version 0.1.0 or late...

CVSS 8.8 · AI score 8 · EPSS 0.00633
Exploits: 1 · References: 7

NVD
added 2023/09/12 12:15 a.m. · 27 views

CVE-2023-4899

SQL Injection in GitHub repository mintplex-labs/anything-llm prior to 0.0.1...

CVSS 8.8 · AI score 8.6 · EPSS 0.00649
Exploits: 1 · References: 2

NVD
added 2023/09/12 12:15 a.m. · 27 views

CVE-2023-4898

Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior to 0.0.1...

CVSS 8.2 · AI score 7.8 · EPSS 0.00585
Exploits: 1 · References: 2

Cvelist
added 2023/09/11 11:27 p.m. · 37 views

CVE-2023-4899 SQL Injection in mintplex-labs/anything-llm

SQL Injection in GitHub repository mintplex-labs/anything-llm prior to 0.0.1...

CVSS 8.1 · AI score 9.4 · EPSS 0.00649
Exploits: 1 · References: 2

OSV
added 2023/09/11 11:27 p.m. · 29 views

CVE-2023-4899 SQL Injection in mintplex-labs/anything-llm

SQL Injection in GitHub repository mintplex-labs/anything-llm prior to 0.0.1...

CVSS 8.1 · AI score 8.8 · EPSS 0.00649
Exploits: 1 · References: 4

CVE
added 2023/09/11 11:27 p.m. · 105 views

CVE-2023-4899

The CVE-2023-4899 entry concerns a SQL Injection vulnerability in mintplex-labs/anything-llm (versions prior to 0.0.1). The Red Hat/NVD/NVD-derived entries align on the vulnerability class, with the Huntr PoC detailing a concrete flaw in the /api/workspace/:slug endpoint where the slug parameter ...

CVSS 8.8 · AI score 8.6 · EPSS 0.00649
Exploits: 1 · References: 2 · Affected Software: 1