Vulnerabilities > Mintplexlabs > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-06-06 CVE-2024-3166 Cross-site Scripting vulnerability in Mintplexlabs Anythingllm Desktop and Anythingllm Webapp
A Cross-Site Scripting (XSS) vulnerability exists in mintplex-labs/anything-llm, affecting both the desktop application version 1.2.0 and the latest version of the web application.
network
low complexity
mintplexlabs CWE-79
critical
9.6
2024-06-06 CVE-2024-3033 Incorrect Authorization vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0
An improper authorization vulnerability exists in the mintplex-labs/anything-llm application, specifically within the '/api/v/' endpoint and its sub-routes.
network
low complexity
mintplexlabs CWE-863
critical
9.4
2024-06-06 CVE-2024-3104 OS Command Injection vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0
A remote code execution vulnerability exists in mintplex-labs/anything-llm due to improper handling of environment variables.
network
low complexity
mintplexlabs CWE-78
critical
9.8
2023-10-30 CVE-2023-5832 Improper Input Validation vulnerability in Mintplexlabs Anythingllm 0.0.1
Improper Input Validation in GitHub repository mintplex-labs/anything-llm prior to 0.1.0.
network
low complexity
mintplexlabs CWE-20
critical
9.1
2023-09-11 CVE-2023-4897 Relative Path Traversal vulnerability in Mintplexlabs Anythingllm
Relative Path Traversal in GitHub repository mintplex-labs/anything-llm prior to 0.0.1.
network
low complexity
mintplexlabs CWE-23
critical
9.8