Lucene search

5 matches found

CNNVD
added 2026/03/16 12:0 a.m. | 3 views

AnythingLLM security vulnerability

AnythingLLM is an all-in-one AI application open-sourced by Mintplex. AnythingLLM suffers from a security vulnerability that stems from a suspended user not being blocked on the browser extension API key path in multi-user mode, which can be exploited by an attacker to cause the suspended user to...

CVSS 2.7 | AI score 5.8 | EPSS 0.00049
Exploits: 1 | References: 2
OSV
added 2026/03/13 9:23 p.m. | 5 views

CVE-2026-32717 AnythingLLM access control bypass: suspended users can continue using Browser Extension API keys

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, in multi-user mode, AnythingLLM blocks suspended users on the normal JWT-backed session path, but it does not block them on the browser extension API...

CVSS 2.7 | AI score 5.8 | EPSS 0.00049
Exploits: 1 | References: 4
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-8232

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 6.4 | EPSS 0.00397
Exploits: 1 | References: 3
NVD
added 2025/05/12 5:15 p.m. | 8 views

CVE-2025-46741

A suspended or recently logged-out user could continue to interact with Blueframe until the time-out period occurred...

CVSS 5.7 | EPSS 0.00062
Exploits: 0 | References: 1
RedhatCVE
added 2025/03/28 6:24 p.m. | 20 views

CVE-2025-30351

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 10.10.0 and prior to version 11.5.0, a suspended user can use the token generated in session auth mode to access the API despite their status. This happens because there is a check missing in...

CVSS 4.3 | AI score 7.8 | EPSS 0.00397
Exploits: 1 | References: 1