| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-41318 | AnythingLLM vulnerable to stored DOM XSS in chart caption renderer - LLM-driven prompt injection produces executable HTML via unsanitized renderMarkdown(content.caption) in Chartable component | Mintplex-Labs | anything-llm | Medium | 5.4 | 2026-04-24 02:57:16 | Deep Dive |
| CVE-2026-5627 | Path Traversal in mintplex-labs/anything-llm | mintplex-labs | mintplex-labs/anything-llm | - | - | 2026-04-07 13:06:39 | Deep Dive |
| CVE-2026-32719 | AnythingLLM has a Zip Slip Path Traversal and Code Execution via Community Hub Plugin Import | Mintplex-Labs | anything-llm | Medium | 4.2 | 2026-03-13 21:25:32 | Deep Dive |
| CVE-2026-32717 | AnythingLLM access control bypass: suspended users can continue using Browser Extension API keys | Mintplex-Labs | anything-llm | Low | 2.7 | 2026-03-13 21:23:49 | Deep Dive |
| CVE-2026-32715 | AnythingLLM Manager Privilege Bypass Allows Access to Admin-Only System Preferences | Mintplex-Labs | anything-llm | Low | 3.8 | 2026-03-13 21:22:01 | Deep Dive |
| CVE-2026-32628 | AnythingLLM has SQL Injection in Built-in SQL Agent Plugin via Unsanitized table_name Parameter | Mintplex-Labs | anything-llm | High | - | 2026-03-13 20:50:16 | Deep Dive |
| CVE-2026-32626 | AnythingLLM has a Streaming Phase XSS to RCE via LLM Response Injection | Mintplex-Labs | anything-llm | Critical | 9.6 | 2026-03-13 20:14:30 | Deep Dive |
| CVE-2026-32617 | AnythingLLM Permissable CORS policy | Mintplex-Labs | anything-llm | High | 7.1 | 2026-03-13 20:07:57 | Deep Dive |
| CVE-2026-24478 | AnythingLLM vulnerable to Path Traversal | Mintplex-Labs | anything-llm | High | 7.2 | 2026-01-26 23:23:55 | Deep Dive |
| CVE-2026-24477 | AnythingLLM has key leak in `systemSettings.js` | Mintplex-Labs | anything-llm | - | - | 2026-01-26 23:22:28 | Deep Dive |
| CVE-2026-21484 | AnythingLLM Vulnerable to Username Enumeration w/ Password Recovery | Mintplex-Labs | anything-llm | Medium | 5.3 | 2026-01-03 01:21:39 | Deep Dive |
| CVE-2024-8196 | Missing Authentication for Critical Function in mintplex-labs/anything-llm | mintplex-labs | mintplex-labs/anything-llm | Critical | - | 2025-03-20 10:11:35 | Deep Dive |
| CVE-2024-8248 | Path Traversal in mintplex-labs/anything-llm | mintplex-labs | mintplex-labs/anything-llm | High | - | 2025-03-20 10:11:32 | Deep Dive |
| CVE-2024-6842 | Exposure of Sensitive Information in mintplex-labs/anything-llm | mintplex-labs | mintplex-labs/anything-llm | High | - | 2025-03-20 10:10:28 | Deep Dive |
| CVE-2024-10513 | Path Traversal in mintplex-labs/anything-llm | mintplex-labs | mintplex-labs/anything-llm | High | - | 2025-03-20 10:09:51 | Deep Dive |
| CVE-2024-8249 | Unauthenticated Denial of Service (DoS) in mintplex-labs/anything-llm | mintplex-labs | mintplex-labs/anything-llm | High | - | 2025-03-20 10:09:42 | Deep Dive |
| CVE-2024-10109 | Incorrect Authorization in mintplex-labs/anything-llm | mintplex-labs | mintplex-labs/anything-llm | High | - | 2025-03-20 10:09:27 | Deep Dive |
| CVE-2024-7771 | Denial of Service in mintplex-labs/anything-llm | mintplex-labs | mintplex-labs/anything-llm | Medium | - | 2025-03-20 10:08:50 | Deep Dive |
| CVE-2024-8251 | Prisma Injection in mintplex-labs/anything-llm | mintplex-labs | mintplex-labs/anything-llm | Medium | - | 2025-03-20 10:08:49 | Deep Dive |
| CVE-2024-13060 | Improper Authorization in mintplex-labs/anything-llm | mintplex-labs | mintplex-labs/anything-llm | Medium | - | 2025-03-20 10:08:46 | Deep Dive |