Skip to main content
CVE-2026-21484 MEDIUM POC PATCH This Month

AnythingLLM's password recovery endpoint leaks information about valid usernames through differential error messages, enabling account enumeration attacks. Public exploit code exists for this low-complexity network vulnerability that requires no authentication. The issue has been patched as of commit e287fab56089cf8fcea9ba579a3ecdeca0daa313.

Information Disclosure AI / ML Anythingllm
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-64124 HIGH This Week

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows OS Command Injection.This issue affects Multi-Stack Controller (MSC): before 2.5.1. [CVSS 8.8 HIGH]

Command Injection Nplatform
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-64125 Monitor

A vulnerability in Nuvation Energy nCloud VPN Service allowed Network Boundary Bridging.This issue affected the nCloud VPN Service and was fixed on 2025-12-1 (December, 2025). End users do not have to take any action to mitigate the issue.

Information Disclosure
NVD
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy