CVE-2026-45403 AnythingLLM: filesystem-copy-file follows nested symlinks and copies files from outside the allowed directory

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the AnythingLLM agent filesystem copy tool validates only the top-level source and destination paths. The recursive copy helper then descends into child...

Design/Logic Flaw

Data Access from Outside Expected Data Manager Component in GitHub repository openemr/openemr prior to 7.0.0...

PT-2020-6752 · Dbi +5 · Dbi +5

Name of the Vulnerable Software and Affected Versions: DBI module through 1.643 for Perl Description: The issue is related to the DBI module for Perl, where the DBD::File drivers can open files from folders other than those specifically passed via the f dir attribute in the data source name DSN...