Vulnerabilities > Mintplexlabs
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-26 | CVE-2024-0439 | Unspecified vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0 As a manager, you should not be able to modify a series of settings. | 8.8 |
| 2024-02-26 | CVE-2024-0440 | Unspecified vulnerability in Mintplexlabs Anythingllm Attacker, with permission to submit a link or submits a link via POST to be collected that is using the file:// protocol can then introspect host files and other relatively stored files. | 6.5 |
| 2024-02-26 | CVE-2024-0455 | Unspecified vulnerability in Mintplexlabs Anythingllm The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level (manager, admin, and when in single user) could put in the URL ``` http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance ``` which is a special IP and URL that resolves only when the request comes from within an EC2 instance. | 7.5 |
| 2024-02-26 | CVE-2024-0798 | Unspecified vulnerability in Mintplexlabs Anythingllm A privilege escalation vulnerability exists in mintplex-labs/anything-llm, allowing users with 'default' role to delete documents uploaded by 'admin'. | 6.5 |
| 2024-01-25 | CVE-2024-0879 | Unspecified vulnerability in Mintplexlabs Vector Admin Authentication bypass in vector-admin allows a user to register to a vector-admin server while “domain restriction” is active, even when not owning an authorized email address. | 4.3 |
| 2024-01-19 | CVE-2024-22422 | Unspecified vulnerability in Mintplexlabs Anythingllm AnythingLLM is an application that turns any document, resource, or piece of content into context that any LLM can use as references during chatting. | 7.5 |
| 2023-10-30 | CVE-2023-5832 | Unspecified vulnerability in Mintplexlabs Anythingllm 0.0.1 Improper Input Validation in GitHub repository mintplex-labs/anything-llm prior to 0.1.0. | 9.1 |
| 2023-10-30 | CVE-2023-5833 | Unspecified vulnerability in Mintplexlabs Anythingllm 0.0.1 Improper Access Control in GitHub repository mintplex-labs/anything-llm prior to 0.1.0. | 8.8 |
| 2023-09-12 | CVE-2023-4898 | Unspecified vulnerability in Mintplexlabs Anything-Llm Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior to 0.0.1. | 7.5 |
| 2023-09-12 | CVE-2023-4899 | Unspecified vulnerability in Mintplexlabs Anything-Llm SQL Injection in GitHub repository mintplex-labs/anything-llm prior to 0.0.1. | 8.8 |