571 matches found
lollms-webui 安全漏洞
LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A security vulnerability exists in lollms-webui. An attacker exploiting this vulnerability could read any file on a file system accessible to the web server...
lollms-webui 操作系统命令注入漏洞
LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. An operating system command injection vulnerability exists in lollms-webui that stems from incorrect validation of user-supplied input...
lollms-webui 安全漏洞
LoLLMs is a Web UI for a large language multi-model system by the individual developer Saifeddine ALOUI. A security vulnerability exists in lollms-webui that stems from inadequate cleaning and validation of model output data...
PT-2024-18161 · Unknown · Parisneo/Lollms-Webui
Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui affected versions not specified Description: A Local File Inclusion LFI vulnerability exists in the parisneo/lollms-webui application, specifically within the /personalities route. An attacker can exploit this...
PT-2024-18108 · Unknown · Parisneo/Lollms-Webui
Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui affected versions not specified Description: An issue exists in the '/open code folder' endpoint of the parisneo/lollms-webui application, due to improper validation of user-supplied input in the discussion id parameter...
CVE-2024-1522 Cross-Site Request Forgery (CSRF) Leading to Remote Code Execution in parisneo/lollms-webui
A Cross-Site Request Forgery CSRF vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. The vulnerability stems from the /executecode API endpoint, which does not properly validate requests, enabling an attacker to craft a...
CVE-2024-1522 Cross-Site Request Forgery (CSRF) Leading to Remote Code Execution in parisneo/lollms-webui
A Cross-Site Request Forgery CSRF vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. The vulnerability stems from the /executecode API endpoint, which does not properly validate requests, enabling an attacker to craft a...
LoLLMs 安全漏洞
LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A security vulnerability exists in LoLLMs versions prior to 9.1 that stems from allowing everyone to access the cors configuration...
PT-2024-18110 · Unknown · Lollms-Webui
Name of the Vulnerable Software and Affected Versions: lollms-webui affected versions not specified Description: A Cross-Site Request Forgery CSRF issue in the lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. The issue stems from the "/execute code" API...
PT-2024-2416 · Parisneo +1 · Lollms-Webui +1
Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui version v9.8 Description: The issue is related to the missing client id parameter in lollms binding infos, leading to security vulnerabilities. Specifically, the endpoints "/reload binding", "/install binding", "/reinsta...
PT-2024-5517 · Microsoft · Visual Studio Code
Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui affected versions not specified Description: The LoLLMS WebUI system for launching and managing large language models is susceptible to a denial of service DoS attack due to uncontrolled resource consumption. Attackers c...