
11 matches found

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2021-2108

Malware in sbrugna...

CVSS: 7.1, AI score: 6, EPSS: 0.0069
Exploits: 0, References: 5

RedhatCVE
added 2025/03/22 11:43 a.m., 9 views

CVE-2024-6842

In version 1.5.5 of mintplex-labs/anything-llm, the /setup-complete API endpoint allows unauthorized users to access sensitive system settings. The data returned by the currentSettings function includes sensitive information such as API keys for search engines, which can be exploited by attackers...

CVSS: 7.5, AI score: 6.5, EPSS: 0.70225
Exploits: 1, References: 1

NVD
added 2025/03/20 10:15 a.m., 6 views

CVE-2024-6842

In version 1.5.5 of mintplex-labs/anything-llm, the /setup-complete API endpoint allows unauthorized users to access sensitive system settings. The data returned by the currentSettings function includes sensitive information such as API keys for search engines, which can be exploited by attackers...

CVSS: 7.5, EPSS: 0.70225
Exploits: 1, References: 2

OSV
added 2025/03/20 10:15 a.m., 5 views

CVE-2024-6842

In version 1.5.5 of mintplex-labs/anything-llm, the /setup-complete API endpoint allows unauthorized users to access sensitive system settings. The data returned by the currentSettings function includes sensitive information such as API keys for search engines, which can be exploited by attackers...

CVSS: 7.5, AI score: 6.7
Exploits: 0, References: 2

CVE
added 2025/03/20 10:10 a.m., 122 views

CVE-2024-6842

AnythingLLM (mintplex-labs/anything-llm) version 1.5.5 contains an information-disclosure vulnerability via the /setup-complete (or /api/setup-complete) endpoint, allowing remote, unauthenticated access to currentSettings that can include sensitive API keys for search engines. This enables potent...

CVSS: 7.5, AI score: 7.4, EPSS: 0.70225
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2025/03/20 10:10 a.m., 9 views

CVE-2024-6842 Exposure of Sensitive Information in mintplex-labs/anything-llm

In version 1.5.5 of mintplex-labs/anything-llm, the /setup-complete API endpoint allows unauthorized users to access sensitive system settings. The data returned by the currentSettings function includes sensitive information such as API keys for search engines, which can be exploited by attackers...

CVSS: 7.5, EPSS: 0.70225
Exploits: 1, References: 2

Code423n4
added 2023/06/23 12:0 a.m., 17 views

The last error in swap.go#swapCoins() was not handled correctly.

Lines of code Vulnerability details Impact If the last statement of the swapCoins function returns an error, the swap is only half completed, i.e. only the user's assets are deducted transferred to the pool, but the user's bought assets are not sent to the user, resulting in a loss of the user's...

AI score: 7
Exploits: 0

Code423n4
added 2022/07/04 12:0 a.m., 9 views

Attacker may front-run acceptCounterOffer() cause users to take both original order and new one

Lines of code Vulnerability details Impact Function PuttyV2.acceptCounterOffer is used in case users see better deal and want to cancel their own order before filling the new one. But attacker can abuse this function by front-run calling fillOrder before it is cancelled in acceptCounterOffer...

AI score: 6.8
Exploits: 0

Code423n4
added 2021/12/16 12:0 a.m., 11 views

buyAndSwap1155WETH() function may cause loss of user assets

Handle cccz Vulnerability details Impact In the NFTXMarketplaceZap.sol contract, the buyAndSwap1155WETH function uses the WETH provided by the user to exchange VaultToken, but when executing the buyVaultToken method, msg.value is used instead of maxWethIn. Since msg.value is 0, the call will fail...

AI score: 7.2
Exploits: 0

Code423n4
added 2021/11/15 12:0 a.m., 8 views

All user assets which are approved to VaderPoolV2 may be stolen

Handle TomFrench Vulnerability details Impact Total loss of funds which have been approved on VaderPoolV2 Proof of Concept VaderPoolV2 allows minting of fungible LP tokens with the mintFungible function Crucially this function allows a user supplied value for from which specifies where the...

AI score: 7
Exploits: 0

0day.today
added 2016/10/20 12:0 a.m., 40 views

ManageEngine ServiceDesk Plus 9.2 Build 9207 Information Disclosure Vulnerability

Exploit for jsp platform in category web applications Title: ManageEngine ServiceDesk Plus Low Privileged User View All Tickets Date: 18 October 2016 Author: p0z Vendor: ManageEngine Vendor Homepage: https://www.manageengine.com/ Product: ServiceDesk Plus Version: 9.2 Build 9207 Other versions...

AI score: 7.1
Exploits: 0