Vulnerabilities > Mintplexlabs
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-06 | CVE-2024-3152 | Unspecified vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0 mintplex-labs/anything-llm is vulnerable to multiple security issues due to improper input validation in several endpoints. | 8.8 |
2024-06-05 | CVE-2024-4084 | Unspecified vulnerability in Mintplexlabs Anythingllm A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of mintplex-labs/anything-llm, allowing attackers to bypass the official fix intended to restrict access to intranet IP addresses and protocols. | 7.5 |
2024-03-03 | CVE-2024-0765 | Unspecified vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0 As a default user on a multi-user instance of AnythingLLM, you could execute a call to the `/export-data` endpoint of the system and then unzip and read that export, which would enable you to exfiltrate data of the system at that save state. This would require the attacker to be granted explicit access to the system, but they can do this at any role. | 6.5 |
2024-03-02 | CVE-2024-0795 | Unspecified vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0 If an attacker was given access to an instance with the admin or manager role, there is no backend authentication that would prevent the attacker from creating a new user with an `admin` role and then using this new account to have elevated privileges on the instance. | 7.2 |
2024-02-28 | CVE-2024-0550 | Unspecified vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0 A user who is already privileged (`manager` or `admin`) can set their profile picture via the frontend API using a relative filepath and then use the PFP GET API to download any valid files. The attacker would have to have been granted privileged permissions to the system before executing this attack. | 6.5 |
2024-01-25 | CVE-2024-0879 | Unspecified vulnerability in Mintplexlabs Vector Admin Authentication bypass in vector-admin allows a user to register to a vector-admin server while “domain restriction” is active, even when not owning an authorized email address. | 4.3 |
2024-01-19 | CVE-2024-22422 | Unspecified vulnerability in Mintplexlabs Anythingllm AnythingLLM is an application that turns any document, resource, or piece of content into context that any LLM can use as references during chatting. | 7.5 |
2023-10-30 | CVE-2023-5832 | Unspecified vulnerability in Mintplexlabs Anythingllm 0.0.1 Improper Input Validation in GitHub repository mintplex-labs/anything-llm prior to 0.1.0. | 9.1 |
2023-10-30 | CVE-2023-5833 | Unspecified vulnerability in Mintplexlabs Anythingllm 0.0.1 Improper Access Control in GitHub repository mintplex-labs/anything-llm prior to 0.1.0. | 8.8 |
2023-09-12 | CVE-2023-4898 | Unspecified vulnerability in Mintplexlabs Anything-Llm Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior to 0.0.1. | 7.5 |