Mintplexlabs Security Vulnerabilities (CVEs)

This vulnerability in AnythingLLM allows attackers to determine whether specific usernames exist in the system by observing different error messages f...

An authentication bypass vulnerability in AnythingLLM v1.8.5 allows unauthenticated attackers to enumerate and retrieve detailed information about all...

A path traversal vulnerability in the normalizePath function of mintplex-labs/anything-llm allows attackers to read and write arbitrary files within t...

This vulnerability allows unauthenticated attackers to crash the Anything-LLM server by sending malformed JSON payloads to the embeddable chat API end...

A Prisma injection vulnerability in mintplex-labs/anything-llm allows attackers to bypass access controls by sending specially crafted JSON to the /em...

A denial-of-service vulnerability in Dockerized anything-llm allows attackers to crash the entire site instance by uploading an audio file with a very...

This vulnerability allows unauthenticated attackers to access the /setup-complete API endpoint in Anything-LLM version 1.5.5, exposing sensitive syste...

This vulnerability in anything-llm's single user mode exposes user passwords in plaintext within JWT bearer tokens. Attackers who obtain these tokens ...

This vulnerability in mintplex-labs/anything-llm allows attackers to cause a Denial of Service by creating users with excessively large usernames, whi...

An uncontrolled resource consumption vulnerability in the 'upload-link' endpoint of mintplex-labs/anything-llm allows authenticated users with Manager...

A path traversal vulnerability in mintplex-labs/anything-llm allows authenticated managers to bypass path normalization and access, delete, or overwri...

This vulnerability allows users with Default or Manager roles in mintplex-labs/anything-llm to escalate their privileges to Administrator by exploitin...

A JSON injection vulnerability in the anything-llm application allows attackers to perform brute force attacks against the login system without knowin...

A stored XSS vulnerability in anything-llm allows attackers with manager role to inject malicious JavaScript via crafted URLs. When an admin clicks th...

CVE-2024-3152 affects mintplex-labs/anything-llm, allowing attackers to escalate privileges to admin, read/delete arbitrary files, and perform SSRF at...

This SSRF vulnerability in mintplex-labs/anything-llm allows attackers to bypass IP filtering and access internal network resources by using alternati...

A vulnerability in mintplex-labs/anything-llm allows authenticated users with manager or admin privileges to cause a denial of service by modifying a ...

This vulnerability in mintplex-labs/anything-llm allows attackers to read and delete arbitrary files on the server by manipulating the 'logo_filename'...

This vulnerability in mintplex-labs/anything-llm allows attackers to disable Multi-User Mode via improper input validation, enabling them to create ne...

This vulnerability allows attackers with admin or manager roles in Anything LLM to create new admin users without proper backend authentication, enabl...

CVE-2024-0763 is a path traversal vulnerability in Anything-LLM that allows authenticated users to delete arbitrary folders recursively on the server....

This vulnerability in AnythingLLM allows authenticated users with manager or admin permissions to discover and potentially access other internal servi...

This CVE describes an improper privilege management vulnerability in Anything-LLM where managers can bypass UI restrictions and modify restricted sett...

This vulnerability in AnythingLLM's web scraper allows authorized users (managers, admins, or single users) to access AWS EC2 instance metadata servic...

This SQL injection vulnerability in the Anything-LLM software allows attackers to execute arbitrary SQL commands through user input. It affects all de...