Lucene search
K

165 matches found

Vulnrichment
Vulnrichment
added 2024/05/06 11:42 p.m.21 views

CVE-2024-2913 Race Condition Vulnerability in mintplex-labs/anything-llm

A race condition vulnerability exists in the mintplex-labs/anything-llm repository, specifically within the user invite acceptance process. Attackers can exploit this vulnerability by sending multiple concurrent requests to accept a single user invite, allowing the creation of multiple user...

6.5CVSS6.8AI score0.00325EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/05/06 11:42 p.m.21 views

CVE-2024-2913 Race Condition Vulnerability in mintplex-labs/anything-llm

A race condition vulnerability exists in the mintplex-labs/anything-llm repository, specifically within the user invite acceptance process. Attackers can exploit this vulnerability by sending multiple concurrent requests to accept a single user invite, allowing the creation of multiple user...

6.5CVSS6.5AI score0.00325EPSS
Exploits1References1
CVE
CVE
added 2024/05/06 11:42 p.m.81 views

CVE-2024-2913

CVE-2024-2913 affects mintplex-labs/anything-llm in the user invite acceptance flow. Root cause: lack of validation for concurrent requests creates a race condition that lets multiple accounts be created from a single invite link intended for one user. Impact: unauthorized user creation without d...

6.5CVSS6.6AI score0.00325EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/04/16 12:0 a.m.21 views

CVE-2024-0549 Relative Path Traversal in mintplex-labs/anything-llm

mintplex-labs/anything-llm is vulnerable to a relative path traversal attack, allowing unauthorized attackers with a default role account to delete files and folders within the filesystem, including critical database files such as 'anythingllm.db'. The vulnerability stems from insufficient input...

8.1CVSS6.8AI score0.00819EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/04/16 12:0 a.m.15 views

CVE-2024-3028 Improper Input Validation in mintplex-labs/anything-llm

mintplex-labs/anything-llm is vulnerable to improper input validation, allowing attackers to read and delete arbitrary files on the server. By manipulating the 'logofilename' parameter in the 'system-preferences' API endpoint, an attacker can construct requests to read sensitive files or the...

7.2CVSS7AI score0.00834EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/04/16 12:0 a.m.23 views

CVE-2024-3028 Improper Input Validation in mintplex-labs/anything-llm

mintplex-labs/anything-llm is vulnerable to improper input validation, allowing attackers to read and delete arbitrary files on the server. By manipulating the 'logofilename' parameter in the 'system-preferences' API endpoint, an attacker can construct requests to read sensitive files or the...

7.2CVSS7.1AI score0.00834EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/04/16 12:0 a.m.16 views

CVE-2024-0404 Mass Assignment Vulnerability in mintplex-labs/anything-llm

A mass assignment vulnerability exists in the /api/invite/:code endpoint of the mintplex-labs/anything-llm repository, allowing unauthorized creation of high-privileged accounts. By intercepting and modifying the HTTP request during the account creation process via an invitation link, an attacker...

9.1CVSS6.8AI score0.00783EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/04/16 12:0 a.m.15 views

CVE-2024-0404 Mass Assignment Vulnerability in mintplex-labs/anything-llm

A mass assignment vulnerability exists in the /api/invite/:code endpoint of the mintplex-labs/anything-llm repository, allowing unauthorized creation of high-privileged accounts. By intercepting and modifying the HTTP request during the account creation process via an invitation link, an attacker...

9.1CVSS9.3AI score0.00783EPSS
Exploits1References2
OSV
OSV
added 2024/04/16 12:0 a.m.20 views

CVE-2024-0404 Mass Assignment Vulnerability in mintplex-labs/anything-llm

A mass assignment vulnerability exists in the /api/invite/:code endpoint of the mintplex-labs/anything-llm repository, allowing unauthorized creation of high-privileged accounts. By intercepting and modifying the HTTP request during the account creation process via an invitation link, an attacker...

9.1CVSS7.2AI score0.00783EPSS
Exploits1References4
NVD
NVD
added 2024/04/10 5:15 p.m.15 views

CVE-2024-3569

A Denial of Service DoS vulnerability exists in the mintplex-labs/anything-llm repository when the application is running in 'just me' mode with a password. An attacker can exploit this vulnerability by making a request to the endpoint using the validatedRequest middleware with a specially crafte...

7.5CVSS7.4AI score0.00776EPSS
Exploits1References2
NVD
NVD
added 2024/04/10 5:15 p.m.10 views

CVE-2024-3570

A stored Cross-Site Scripting XSS vulnerability exists in the chat functionality of the mintplex-labs/anything-llm repository, allowing attackers to execute arbitrary JavaScript in the context of a user's session. By manipulating the ChatBot responses, an attacker can inject malicious scripts to...

5.4CVSS3.5AI score0.00313EPSS
Exploits1References2
NVD
NVD
added 2024/04/10 5:15 p.m.16 views

CVE-2024-3101

In mintplex-labs/anything-llm, an improper input validation vulnerability allows attackers to escalate privileges by deactivating 'Multi-User Mode'. By sending a specially crafted curl request with the 'multiusermode' parameter set to false, an attacker can deactivate 'Multi-User Mode'. This acti...

7.2CVSS6.6AI score0.00778EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/04/10 5:8 p.m.16 views

CVE-2024-3570 Stored XSS leading to Admin Account Takeover in mintplex-labs/anything-llm

A stored Cross-Site Scripting XSS vulnerability exists in the chat functionality of the mintplex-labs/anything-llm repository, allowing attackers to execute arbitrary JavaScript in the context of a user's session. By manipulating the ChatBot responses, an attacker can inject malicious scripts to...

5.7AI score0.00313EPSS
Exploits1References2
CVE
CVE
added 2024/04/10 5:8 p.m.92 views

CVE-2024-3570

The CVE-2024-3570 entry affects the chat functionality of mintplex-labs/anything-llm. It describes a stored XSS flaw where user and ChatBot input are not properly sanitized, specifically via dangerouslySetInnerHTML, allowing attackers to execute arbitrary JavaScript in a user’s session. Impacted ...

5.4CVSS3.9AI score0.00313EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2024/04/10 5:8 p.m.10 views

CVE-2024-3570 Stored XSS leading to Admin Account Takeover in mintplex-labs/anything-llm

A stored Cross-Site Scripting XSS vulnerability exists in the chat functionality of the mintplex-labs/anything-llm repository, allowing attackers to execute arbitrary JavaScript in the context of a user's session. By manipulating the ChatBot responses, an attacker can inject malicious scripts to...

6.2AI score0.00313EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/04/10 5:8 p.m.14 views

CVE-2024-3101 Privilege Escalation via Improper Input Validation in mintplex-labs/anything-llm

In mintplex-labs/anything-llm, an improper input validation vulnerability allows attackers to escalate privileges by deactivating 'Multi-User Mode'. By sending a specially crafted curl request with the 'multiusermode' parameter set to false, an attacker can deactivate 'Multi-User Mode'. This acti...

6.7CVSS7.2AI score0.00778EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/04/10 5:8 p.m.18 views

CVE-2024-3101 Privilege Escalation via Improper Input Validation in mintplex-labs/anything-llm

In mintplex-labs/anything-llm, an improper input validation vulnerability allows attackers to escalate privileges by deactivating 'Multi-User Mode'. By sending a specially crafted curl request with the 'multiusermode' parameter set to false, an attacker can deactivate 'Multi-User Mode'. This acti...

6.7CVSS6.8AI score0.00778EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/04/10 5:7 p.m.15 views

CVE-2024-3283 Privilege Escalation via Mass Assignment in mintplex-labs/anything-llm

A vulnerability in mintplex-labs/anything-llm allows users with manager roles to escalate their privileges to admin roles through a mass assignment issue. The '/admin/system-preferences' API endpoint improperly authorizes manager-level users to modify the 'multiusermode' system variable, enabling...

7.2CVSS7.2AI score0.0095EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/04/10 5:7 p.m.28 views

CVE-2024-3283 Privilege Escalation via Mass Assignment in mintplex-labs/anything-llm

A vulnerability in mintplex-labs/anything-llm allows users with manager roles to escalate their privileges to admin roles through a mass assignment issue. The '/admin/system-preferences' API endpoint improperly authorizes manager-level users to modify the 'multiusermode' system variable, enabling...

7.2CVSS7.2AI score0.0095EPSS
Exploits1References2
CVE
CVE
added 2024/04/10 5:7 p.m.121 views

CVE-2024-3283

CVE-2024-3283 concerns mintplex-labs/anything-llm. A mass-assignment flaw in the /admin/system-preferences endpoint lets users with the Manager role modify the multi_user_mode variable, enabling access to /api/system/enable-multi-user and the creation of a new admin user. The root cause is the en...

7.2CVSS7AI score0.0095EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder