568 matches found
CVE-2024-2358
A path traversal vulnerability in the '/applysettings' endpoint of parisneo/lollms-webui allows attackers to execute arbitrary code. The vulnerability arises due to insufficient sanitization of user-supplied input in the configuration settings, specifically within the 'extensions' parameter...
CVE-2024-2288
A Cross-Site Request Forgery (CSRF) vulnerability exists in the profile picture upload functionality of the Lollms application, specifically in the parisneo/lollms-webui repository, affecting versions up to 7.3.0. This vulnerability allows attackers to change a victim's profile picture without thei...
Unauthenticated File Upload in LollMS
Executive Summary A critical security vulnerability has been identified in LollMS that allows unauthenticated users to upload and process files through the /api/files/extract-text endpoint. This endpoint lacks authentication requirements, contradicting the application's documented "Secure...
Server-Side Request Forgery (SSRF) in LollMS Export Content
Executive Summary A security vulnerability has been identified in LollMS that allows Server-Side Request Forgery (SSRF) attacks through the /api/files/export-content endpoint. The downloadimagetotemp function downloads images from arbitrary user-controlled URLs without validation, allowing attacker...
Insecure Direct Object Reference (IDOR) in LollMS Friend Request Response
Executive Summary A critical security vulnerability has been identified in LollMS that allows any authenticated user to accept or reject friend requests belonging to other users. The respondrequest function lacks authorization checks, enabling Insecure Direct Object Reference (IDOR) attacks. Affect...
Content-Type Spoofing in LollMS Image Upload
Executive Summary A security vulnerability has been identified in LollMS that allows authenticated users to bypass file type validation by spoofing the Content-Type header. The /api/upload/chatimage endpoint only validates the HTTP header, not the actual file content, allowing malicious files to ...
EUVD-2024-47500
Malicious code in bioql PyPI...
EUVD-2024-32022
Malicious code in bioql PyPI...
EUVD-2024-17341
Malicious code in bioql PyPI...
EUVD-2024-44421
Malicious code in bioql PyPI...
EUVD-2024-27497
Malicious code in bioql PyPI...
EUVD-2024-27311
Malicious code in bioql PyPI...
EUVD-2024-44113
Malicious code in bioql PyPI...
EUVD-2024-44033
Malicious code in bioql PyPI...
EUVD-2024-47724
Malicious code in bioql PyPI...
EUVD-2024-31727
Malicious code in bioql PyPI...
EUVD-2024-27312
Malicious code in bioql PyPI...
EUVD-2024-0096
Malicious code in bioql PyPI...
EUVD-2025-6977
Malicious code in bioql PyPI...
EUVD-2024-0095
Malicious code in bioql PyPI...