Lucene search
K

571 matches found

CNNVD
CNNVD
added 2024/04/10 12:0 a.m.3 views

lollms-webui 安全漏洞

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A security vulnerability exists in lollms-webui. An attacker exploiting this vulnerability could read any file on a file system accessible to the web server...

9.3CVSS9.1AI score0.31087EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/04/10 12:0 a.m.2 views

lollms-webui 操作系统命令注入漏洞

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. An operating system command injection vulnerability exists in lollms-webui that stems from incorrect validation of user-supplied input...

9.8CVSS9.7AI score0.48214EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/04/10 12:0 a.m.5 views

lollms-webui 安全漏洞

LoLLMs is a Web UI for a large language multi-model system by the individual developer Saifeddine ALOUI. A security vulnerability exists in lollms-webui that stems from inadequate cleaning and validation of model output data...

8.8CVSS8.7AI score0.00724EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/04/10 12:0 a.m.7 views

PT-2024-18161 · Unknown · Parisneo/Lollms-Webui

Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui affected versions not specified Description: A Local File Inclusion LFI vulnerability exists in the parisneo/lollms-webui application, specifically within the /personalities route. An attacker can exploit this...

9.3CVSS9.2AI score0.31087EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/04/10 12:0 a.m.4 views

PT-2024-18108 · Unknown · Parisneo/Lollms-Webui

Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui affected versions not specified Description: An issue exists in the '/open code folder' endpoint of the parisneo/lollms-webui application, due to improper validation of user-supplied input in the discussion id parameter...

9.8CVSS9.2AI score0.48214EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2024/03/30 6:2 p.m.21 views

CVE-2024-1522 Cross-Site Request Forgery (CSRF) Leading to Remote Code Execution in parisneo/lollms-webui

A Cross-Site Request Forgery CSRF vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. The vulnerability stems from the /executecode API endpoint, which does not properly validate requests, enabling an attacker to craft a...

8.8CVSS8AI score0.00445EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/03/30 6:2 p.m.21 views

CVE-2024-1522 Cross-Site Request Forgery (CSRF) Leading to Remote Code Execution in parisneo/lollms-webui

A Cross-Site Request Forgery CSRF vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. The vulnerability stems from the /executecode API endpoint, which does not properly validate requests, enabling an attacker to craft a...

8.8CVSS9.2AI score0.00445EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/03/30 12:0 a.m.5 views

LoLLMs 安全漏洞

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A security vulnerability exists in LoLLMs versions prior to 9.1 that stems from allowing everyone to access the cors configuration...

8.8CVSS8.7AI score0.00445EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/03/30 12:0 a.m.6 views

PT-2024-18110 · Unknown · Lollms-Webui

Name of the Vulnerable Software and Affected Versions: lollms-webui affected versions not specified Description: A Cross-Site Request Forgery CSRF issue in the lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. The issue stems from the "/execute code" API...

8.8CVSS9.2AI score0.00445EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/03/11 12:0 a.m.6 views

PT-2024-2416 · Parisneo +1 · Lollms-Webui +1

Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui version v9.8 Description: The issue is related to the missing client id parameter in lollms binding infos, leading to security vulnerabilities. Specifically, the endpoints "/reload binding", "/install binding", "/reinsta...

8.8CVSS4.4AI score0.00161EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2024/02/15 12:0 a.m.7 views

PT-2024-5517 · Microsoft · Visual Studio Code

Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui affected versions not specified Description: The LoLLMS WebUI system for launching and managing large language models is susceptible to a denial of service DoS attack due to uncontrolled resource consumption. Attackers c...

7.5CVSS5.5AI score0.00782EPSS
Exploits1References9
Rows per page
Query Builder