
568 matches found

ATTACKERKB
added 2026/03/24 3:58 p.m. | 2 views

CVE-2026-33340

LoLLMs WEBUI provides the Web user interface for Lord of Large Language and Multi modal Systems. A critical Server-Side Request Forgery (SSRF) vulnerability has been identified in all known existing versions of lollms-webui. The @router.post("/api/proxy") endpoint allows unauthenticated attackers to...

CVSS 9.1 | AI score 5.9 | EPSS 0.21629
Exploits 3 | References 3

Positive Technologies
added 2026/03/24 12:0 a.m. | 4 views

PT-2026-27456

Name of the Vulnerable Software and Affected Versions: LoLLMs WEBUI (affected versions not specified). Description: LoLLMs WEBUI, the web user interface for Lord of Large Language and Multi modal Systems, contains a Server-Side Request Forgery (SSRF) issue. An unauthenticated attacker can exploit this t...

CVSS 9.1 | AI score 5.9 | EPSS 0.21629
Exploits 3 | References 8

VulnCheck KEV
added 2026/02/20 12:0 a.m. | 12 views

VulnCheck KEV: CVE-2024-6250

An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the open_file endpoint of lollms_advanced.py. The sanitize_path function with allow_absolute_path=True allows an attacker to access arbitrary files and directories on a Windows system. This vulnerability can...

CVSS 7.5 | AI score 5.9 | EPSS 0.01957
In wild | Exploits 1 | References 2

RedhatCVE
added 2026/02/03 3:18 p.m. | 8 views

CVE-2026-1117

A vulnerability in the lollms_generation_events.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The add_events function registers event handlers such as generate_text, cancel_generation, generate_msg, and generate_msg_from without implementing...

CVSS 8.2 | AI score 5.5 | EPSS 0.00436
Exploits 0 | References 1

RedhatCVE
added 2026/02/03 3:18 p.m. | 20 views

CVE-2024-2356

A Local File Inclusion (LFI) vulnerability exists in the '/reinstall_extension' endpoint of the parisneo/lollms-webui application, specifically within the name parameter of the @router.post("/reinstall_extension") route. This vulnerability allows attackers to inject a malicious name parameter, leading ...

CVSS 9.6 | AI score 5.9 | EPSS 0.00769
Exploits 0 | References 1

Github Security Blog
added 2026/02/02 12:31 p.m. | 5 views

Lollms has an Improper Access Control vulnerability

A vulnerability in the lollms_generation_events.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The add_events function registers event handlers such as generate_text, cancel_generation, generate_msg, and generate_msg_from without implementing...

CVSS 8.2 | AI score 5.5 | EPSS 0.00436
Exploits 0 | References 4 | Affected Software 1

Cvelist
added 2026/02/02 10:36 a.m. | 29 views

CVE-2024-2356 Remote Code Execution due to LFI in '/reinstall_extension' in parisneo/lollms-webui

A Local File Inclusion (LFI) vulnerability exists in the '/reinstall_extension' endpoint of the parisneo/lollms-webui application, specifically within the name parameter of the @router.post("/reinstall_extension") route. This vulnerability allows attackers to inject a malicious name parameter, leading ...

CVSS 9.6 | EPSS 0.00769
Exploits 0 | References 2

ATTACKERKB
added 2026/02/02 10:36 a.m. | 4 views

CVE-2024-2356

A Local File Inclusion (LFI) vulnerability exists in the '/reinstall_extension' endpoint of the parisneo/lollms-webui application, specifically within the name parameter of the @router.post("/reinstall_extension") route. This vulnerability allows attackers to inject a malicious name parameter, leading ...

CVSS 9.6 | AI score 5.9 | EPSS 0.00769
Exploits 0 | References 3

CVE
added 2026/02/02 10:36 a.m. | 20 views

CVE-2024-2356

The CVE-2024-2356 family affects parisneo/lollms-webui, with a Local File Inclusion (LFI) in the /reinstall_extension endpoint. The vulnerability targets the name parameter of the POST route, allowing an attacker to inject a malicious value that causes the server to load and execute arbitrary Pyt...

CVSS 9.6 | AI score 5.9 | EPSS 0.00769
Exploits 0 | References 2

NVD
added 2026/02/02 10:16 a.m. | 10 views

CVE-2026-1117

A vulnerability in the lollms_generation_events.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The add_events function registers event handlers such as generate_text, cancel_generation, generate_msg, and generate_msg_from without implementing...

CVSS 8.2 | EPSS 0.00436
Exploits 0 | References 2

Cvelist
added 2026/02/02 9:55 a.m. | 24 views

CVE-2026-1117 Improper Access Control in parisneo/lollms

A vulnerability in the lollms_generation_events.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The add_events function registers event handlers such as generate_text, cancel_generation, generate_msg, and generate_msg_from without implementing...

CVSS 8.2 | EPSS 0.00436
Exploits 0 | References 2

ATTACKERKB
added 2026/02/02 9:55 a.m. | 3 views

CVE-2026-1117

A vulnerability in the lollms_generation_events.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The add_events function registers event handlers such as generate_text, cancel_generation, generate_msg, and generate_msg_from without implementing...

CVSS 8.2 | AI score 5.5 | EPSS 0.00436
Exploits 0 | References 3

CVE
added 2026/02/02 9:55 a.m. | 16 views

CVE-2026-1117

The CVE-2026-1117 entry describes a vulnerability in parisneo/lollms (version 5.9.0) where the lollms_generation_events.py component registers Socket.IO events (generate_text, cancel_generation, generate_msg, generate_msg_from) without authentication/authorization checks. This allows unauthentica...

CVSS 8.2 | AI score 7.9 | EPSS 0.00436
Exploits 0 | References 2

Vulnrichment
added 2026/02/02 9:55 a.m. | 4 views

CVE-2026-1117 Improper Access Control in parisneo/lollms

A vulnerability in the lollms_generation_events.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The add_events function registers event handlers such as generate_text, cancel_generation, generate_msg, and generate_msg_from without implementing...

CVSS 8.2 | AI score 5.5 | EPSS 0.00436
Exploits 0 | References 2

EUVD
added 2026/02/02 9:55 a.m. | 5 views

EUVD-2026-5096

A vulnerability in the lollms_generation_events.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The add_events function registers event handlers such as generate_text, cancel_generation, generate_msg, and generate_msg_from without implementing...

CVSS 8.2 | AI score 5.5 | EPSS 0.00436
Exploits 0 | References 2

CNNVD
added 2026/02/02 12:0 a.m. | 6 views

LoLLMs WEBUI Access Control Error Vulnerability

LoLLMs WEBUI is a web user interface developed by Saifeddine ALOUI. Version 5.9.0 of LoLLMs WEBUI contains an access control vulnerability; this vulnerability stems from the lack of authentication and authorization checks in the lollms_generation_events.py component, which may lead to...

CVSS 8.2 | AI score 7.2 | EPSS 0.00436
Exploits 0 | References 3

CNNVD
added 2026/02/02 12:0 a.m. | 7 views

LoLLMs WEBUI Security Vulnerability

LoLLMs WEBUI is a large-scale model web user interface developed by Saifeddine ALOUI, which supports integration of multiple models and modalities. LoLLMs WEBUI has a security vulnerability; this vulnerability stems from the name parameter in the /reinstall_extension endpoint containing local file...

CVSS 9.6 | AI score 7.8 | EPSS 0.00769
Exploits 0 | References 3

RedhatCVE
added 2026/01/07 9:9 a.m. | 10 views

CVE-2024-2362

A path traversal vulnerability exists in the parisneo/lollms-webui version 9.3 on the Windows platform. Due to improper validation of file paths between Windows and Linux environments, an attacker can exploit this vulnerability to delete any file on the system. The issue arises from the lack of...

CVSS 9.1 | AI score 9.1 | EPSS 0.0115
Exploits 1 | References 1

RedhatCVE
added 2026/01/07 9:9 a.m. | 7 views

CVE-2024-2366

A remote code execution vulnerability exists in the parisneo/lollms-webui application, specifically within the reinstall_binding functionality in lollms_core/lollms/server/endpoints/lollms_binding_infos.py of the latest version. The vulnerability arises due to insufficient path sanitization, allowing...

CVSS 9 | AI score 9.4 | EPSS 0.00662
Exploits 1 | References 1

RedhatCVE
added 2026/01/07 9:8 a.m. | 3 views

CVE-2024-2178

A path traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'copy_to_custom_personas' endpoint in the 'lollms_personalities_infos.py' file. This vulnerability allows attackers to read arbitrary files by manipulating the 'category' and 'name' parameters during the 'Copy ...

CVSS 7.5 | AI score 7.2 | EPSS 0.00599
Exploits 1 | References 1