Vulnerabilities > Mintplexlabs > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-06 | CVE-2024-3166 | Cross-site Scripting vulnerability in Mintplexlabs Anythingllm Desktop and Anythingllm Webapp A Cross-Site Scripting (XSS) vulnerability exists in mintplex-labs/anything-llm, affecting both the desktop application version 1.2.0 and the latest version of the web application. | 9.6 |
2024-06-06 | CVE-2024-3033 | Incorrect Authorization vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0 An improper authorization vulnerability exists in the mintplex-labs/anything-llm application, specifically within the '/api/v/' endpoint and its sub-routes. | 9.4 |
2024-06-06 | CVE-2024-3104 | OS Command Injection vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0 A remote code execution vulnerability exists in mintplex-labs/anything-llm due to improper handling of environment variables. | 9.8 |
2023-10-30 | CVE-2023-5832 | Improper Input Validation vulnerability in Mintplexlabs Anythingllm 0.0.1 Improper Input Validation in GitHub repository mintplex-labs/anything-llm prior to 0.1.0. | 9.1 |
2023-09-11 | CVE-2023-4897 | Relative Path Traversal vulnerability in Mintplexlabs Anythingllm Relative Path Traversal in GitHub repository mintplex-labs/anything-llm prior to 0.0.1. | 9.8 |