58 matches found
CVE-2026-32715
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, the two generic system-preferences endpoints allow manager role access, while every other surface that touches the same settings is restricted to admi...
EUVD-2026-12175
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, the two generic system-preferences endpoints allow manager role access, while every other surface that touches the same settings is restricted to admi...
CVE-2026-32715
CVE-2026-32715 | AnythingLLM in versions up to 1.11.1 has a privilege bypass where two generic system-preferences endpoints expose manager-level access, bypassing admin-only restrictions. This allows a manager to read plaintext SQL database credentials and overwrite admin-only global settings (e....
CVE-2026-32715 AnythingLLM Manager Privilege Bypass Allows Access to Admin-Only System Preferences
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, the two generic system-preferences endpoints allow manager role access, while every other surface that touches the same settings is restricted to admi...
EUVD-2001-0435
Malware in sbrugna...
EUVD-2007-3176
Malware in sbrugna...
EUVD-2013-0980
Malware in sbrugna...
CVE-2024-7457
The ws.stash.app.mac.daemon.helper tool contains a vulnerability caused by an incorrect use of macOS’s authorization model. Instead of validating the client's authorization reference, the helper invokes AuthorizationCopyRights using its own privileged context (root), effectively authorizing itself...
CVE-2013-5189
Apple Mac OS X before 10.9 does not preserve a certain administrative system-preferences setting across software updates, which allows context-dependent attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended security configuration after the...
CVE-2024-3028
CVE-2024-3028 affects mintplex-labs/anything-llm. The issue is improper input validation in the system-preferences API where manipulating the logo_filename parameter can cause reading of arbitrary files (including .env) and deletion via remove-logo. Root cause: lack of proper sanitization of user...
CVE-2024-3283 Privilege Escalation via Mass Assignment in mintplex-labs/anything-llm
A vulnerability in mintplex-labs/anything-llm allows users with manager roles to escalate their privileges to admin roles through a mass assignment issue. The '/admin/system-preferences' API endpoint improperly authorizes manager-level users to modify the 'multiusermode' system variable, enabling...
GHSA-4C5W-QQFG-GRF3 Symphony CMS XSS Vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in content/content.systempreferences.php in Symphony CMS before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) emailsendmailfromname, (2) emailsendmailfromaddress, (3) emailsmtpfromname, (4) emailsmtpfromaddress, (5)...
Symphony CMS XSS Vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in content/content.systempreferences.php in Symphony CMS before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) emailsendmailfromname, (2) emailsendmailfromaddress, (3) emailsmtpfromname, (4) emailsmtpfromaddress, (5)...
Apple macOS Monterey Security Vulnerability
Apple macOS Monterey is the 18th major release of Apple's macOS for the Macintosh desktop operating system. A security vulnerability exists in Apple macOS Monterey versions prior to 12.3, which stems from an error in the System Preferences feature. Native applications can spoof system notificatio...
MDM Policy on macOS 12 devices shows as “Unverified”
Current enrolled devices that were upgraded from macOS 11 or earlier to macOS 12 or newly enrolled devices on macOS 12 may show “Unverified” under the macOS device “System Preferences Profiles”...
Apple macOS Unspecified Vulnerability
Apple macOS contains an unspecified logic issue in System Preferences that may allow a malicious application to bypass Gatekeeper checks...
VulnCheck KEV: CVE-2021-30657
Apple macOS contains an unspecified logic issue in System Preferences that may allow a malicious application to bypass Gatekeeper checks...
Apple Tcc Authorization Issues Vulnerabilities
Apple Tcc is a database used by Apple Inc. in the United States to store privacy and security-related settings in System Preferences. Apple Tcc is vulnerable to an authorization issue and the following products and versions are affected: iMac 2014 and later, MacBook 2015 and later, iMac Pro all...