CVE-2024-8196 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

In mintplex-labs/anything-llm v1.5.11 desktop version for Windows, the application opens server port 3001 on 0.0.0.0 with no authentication by default. This vul…

Critical CVSS: 9.8

CVE-2024-8196

In mintplex-labs/anything-llm v1.5.11 desktop version for Windows, the application opens server port 3001 on 0.0.0.0 with no authentication by default. This vulnerability allows an attacker to gain full backend access, enabling them to perform actions such as deleting all data from the workspace.

Vendor

Product

Anythingllm Desktop

CWE

Yayın Tarihi

2025-03-20 10:15:41

Güncelleme

2025-07-15 15:15:09

Source Identifier

security@huntr.dev

KEV Date Added

-

Kategoriler

CWE-306 Anythingllm Desktop CRITICAL Mintplexlabs 2025

Referanslar

https://github.com/mintplex-labs/anything-llm/commit/9bfe477f10b188bfe3508ac29105df80d4522ece https://huntr.com/bounties/dbde1c71-7aa5-46f6-847a-d89793cf97a9

Benzer Kayıtlar

Low

CVE-2026-32715

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti…

Low

CVE-2026-32717

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti…

Medium

CVE-2026-32719

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti…

Critical

CVE-2026-32626

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti…

High

CVE-2026-32628

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti…

High

CVE-2026-32617

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti…