Vulnerabilities in Mintplex-Labs
75 results

CVE | Severity | Title | EPSS
CVE-2024-0879 | MEDIUM | Authentication bypass in vector-admin domain restriction | 0.4%
CVE-2026-48116 | HIGH | AnythingLLM: RCE via ripgrep --pre argument injection in filesystem-search-files agent skill | 0.4%
CVE-2024-4286 | MEDIUM | Improper Neutralization of Special Elements in mintplex-labs/anything-llm | 0.4%
CVE-2024-7783 | MEDIUM | Improper Storage of Sensitive Information in Bearer Token in mintplex-labs/anything-llm | 0.3%
CVE-2024-2913 | MEDIUM | Race Condition Vulnerability in mintplex-labs/anything-llm | 0.3%
CVE-2024-3570 | NONE | Stored XSS leading to Admin Account Takeover in mintplex-labs/anything-llm | 0.3%
CVE-2026-42456 | MEDIUM | AnythingLLM: Cross-User TTS Audio Disclosure via Chat ID (IDOR) | 0.3%
CVE-2026-32628 | HIGH | AnythingLLM has SQL Injection in Built-in SQL Agent Plugin via Unsanitized table_name Parameter | 0.3%
CVE-2026-55611 | NONE | AnythingLLM: embed-parsed-file cleanup deletes any parsed file by ID without ownership scoping (cross-tenant IDOR deletion) | 0.2%
CVE-2026-32717 | LOW | AnythingLLM access control bypass: suspended users can continue using Browser Extension API keys | 0.2%
CVE-2026-48789 | MEDIUM | AnythingLLM: Windows path containment bypass in document folder route | 0.2%
CVE-2026-47713 | LOW | AnythingLLM: Legacy mobile device tokens bypass multi-user workspace scoping after mode migration | 0.2%
CVE-2026-32715 | LOW | AnythingLLM Manager Privilege Bypass Allows Access to Admin-Only System Preferences | 0.2%
CVE-2026-41318 | MEDIUM | AnythingLLM vulnerable to stored DOM XSS in chart caption renderer - LLM-driven prompt injection produces executable HTML via unsanitized renderMarkdown(content.caption) in Chartable component | 0.2%
CVE-2026-45403 | LOW | AnythingLLM: filesystem-copy-file follows nested symlinks and copies files from outside the allowed directory | 0.2%