Lucene search

5 matches found

OSV
added 3 days ago | 5 views

PYSEC-2026-480 praisonai-platform: Any workspace member can add arbitrary user as owner via POST /workspaces/{id}/members

Summary Type: Privilege escalation / cross-tenant member injection. The POST /workspaces/workspaceid/members endpoint is gated only by requireworkspacememberworkspaceid default minrole="member" and forwards the request body's userid and role straight into MemberService.addworkspaceid, userid, rol...

9.6 CVSS | 5.8 AI score | 0.00031 EPSS
Exploits: 0 | References: 5
RedhatCVE
added 2025/12/19 12:41 a.m. | 11 views

CVE-2025-63390

An authentication bypass vulnerability exists in AnythingLLM v1.8.5 via the /api/workspaces endpoint. The endpoint fails to implement proper authentication checks, allowing unauthenticated remote attackers to enumerate and retrieve detailed information about all configured workspaces. Exposed...

5.3 CVSS | 7.1 AI score | 0.00493 EPSS
Exploits: 0 | References: 1
EUVD
added 2025/12/18 6:30 p.m. | 5 views

EUVD-2025-204305

An authentication bypass vulnerability exists in AnythingLLM v1.8.5 via the /api/workspaces endpoint. The endpoint fails to implement proper authentication checks, allowing unauthenticated remote attackers to enumerate and retrieve detailed information about all configured workspaces. Exposed...

6.6 AI score | 0.00493 EPSS
Exploits: 0 | References: 3
OSV
added 2025/12/18 4:15 p.m. | 5 views

CVE-2025-63390

An authentication bypass vulnerability exists in AnythingLLM v1.8.5 via the /api/workspaces endpoint. The endpoint fails to implement proper authentication checks, allowing unauthenticated remote attackers to enumerate and retrieve detailed information about all configured workspaces. Exposed...

5.3 CVSS | 7 AI score
Exploits: 0 | References: 3
Vulnrichment
added 2025/12/18 12:0 a.m. | 4 views

CVE-2025-63390

An authentication bypass vulnerability exists in AnythingLLM v1.8.5 via the /api/workspaces endpoint. The endpoint fails to implement proper authentication checks, allowing unauthenticated remote attackers to enumerate and retrieve detailed information about all configured workspaces. Exposed...

6.7 AI score | 0.00493 EPSS
Exploits: 0 | References: 3