21 matches found

GitHub Security Blog
added 2026/02/02 12:31 p.m. · 5 views

Lollms has an Improper Access Control vulnerability

A vulnerability in the lollmsgenerationevents.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The addevents function registers event handlers such as generatetext, cancelgeneration, generatemsg, and generatemsgfrom without implementing...

CVSS 8.2 · AI score 5.5 · EPSS 0.00436
Exploits 0 · References 4 · Affected Software 1

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-7042

Malicious code in bioql PyPI...

CVSS 8 · AI score 8 · EPSS 0.00219
Exploits 0 · References 2

GithubExploit
added 2025/07/22 3:24 a.m. · 278 views

Exploit for Code Injection in Lollms

CVE-2024-3121 - Remote Code Execution (RCE) in parisneo/lollm...

CVSS 6.8 · AI score 9 · EPSS 0.00446
Exploits 2

Positive Technologies
added 2025/07/07 12:0 a.m. · 4 views

PT-2025-28157 · Parisneo · Lollms

Name of the Vulnerable Software and Affected Versions: parisneo/lollms versions prior to 20.1

Description: The issue arises from a timing attack vulnerability in the authenticate user function within the lollms authentication.py file. This vulnerability allows attackers to enumerate valid usernam...

CVSS 7.5 · AI score 7.3 · EPSS 0.00371
Exploits 0 · References 8

NVD
added 2025/03/20 10:15 a.m. · 10 views

CVE-2024-6982

A remote code execution vulnerability exists in the Calculate function of parisneo/lollms version 9.8. The vulnerability arises from the use of Python's eval function to evaluate mathematical expressions within a Python sandbox that disables builtins and only allows functions from the math module...

CVSS 8.4 · EPSS 0.00435
Exploits 0 · References 2

CNNVD
added 2024/11/14 12:0 a.m. · 2 views

LoLLMs Code Issue Vulnerability

LoLLMs is a Web UI for a large language multi-modal system by the individual developer Saifeddine ALOUI. A code issue vulnerability exists in LoLLMs version 9.6, which stems from the presence of a cross-site scripting (XSS) and open redirection vulnerability that allows an attacker to embed malicio...

CVSS 7.3 · AI score 6.9 · EPSS 0.00312
Exploits 1 · References 3

CNNVD
added 2024/10/11 12:0 a.m. · 2 views

LoLLMs Security Vulnerability

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A security vulnerability exists in LoLLMs that stems from improper parameter cleanup, resulting in a path traversal vulnerability that allows an attacker to read any file on the victim's comput...

CVSS 4.4 · AI score 4.7 · EPSS 0.00353
Exploits 1 · References 3

CNNVD
added 2024/09/30 12:0 a.m. · 2 views

LoLLMs Security Vulnerability

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A security vulnerability exists in LoLLMs versions prior to v9.8, which stems from an unverified path connection in the servejs function in app.py. An attacker exploiting this vulnerability can...

CVSS 7.5 · AI score 7.6 · EPSS 0.00595
Exploits 1 · References 2

CNNVD
added 2024/07/02 12:0 a.m. · 4 views

LoLLMs Security Vulnerabilities

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A security vulnerability exists in LoLLMs that stems from the presence of a remote code execution vulnerability that allows an attacker to upload and interact with malicious model files hosted...

CVSS 8.4 · AI score 8.1 · EPSS 0.00446
Exploits 1 · References 2

CNNVD
added 2024/06/27 12:0 a.m. · 2 views

LoLLMs Security Vulnerabilities

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A security vulnerability exists in LoLLMs version v9.6, which can be exploited to bypass protection by changing the root folder to /, allowing an attacker to read arbitrary files on the system...

CVSS 8.6 · AI score 6.8 · EPSS 0.00644
Exploits 0 · References 2

CNNVD
added 2024/06/27 12:0 a.m. · 2 views

lollms path traversal vulnerability

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A path traversal vulnerability exists in the etpersonalityconfig endpoint of lollms version 9.4.0, which can be exploited by an attacker to overwrite th...

CVSS 7.4 · AI score 6.7 · EPSS 0.00444
Exploits 0 · References 3

CNNVD
added 2024/06/25 12:0 a.m. · 3 views

LoLLMs Path Traversal Vulnerability

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A path traversal vulnerability exists in LoLLMs versions prior to 9.7, which stems from insufficient input validation in the /applysettings function, allowing an attacker to traverse the file...

CVSS 7.7 · AI score 6.7 · EPSS 0.00489
Exploits 1 · References 1

OSV
added 2024/06/12 3:31 a.m. · 13 views

GHSA-VQWR-Q6CC-C242 parisneo/lollms Local File Inclusion (LFI) attack

parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization. The sanitizepathfromendpoint function fails to properly sanitize Windows-style paths (backward slash `\`), allowing attackers to perform directory traversal attacks on Windows systems...

CVSS 9.1 · AI score 9.1 · EPSS 0.01024
Exploits 0 · References 4

CVE
added 2024/06/12 12:40 a.m. · 38 views

CVE-2024-4315

CVE-2024-4315 affects parisneo/lollms v9.5 and is a Local File Inclusion (LFI) flaw caused by insufficient path sanitization in the function that processes endpoints. The code fails to properly sanitize Windows-style paths (backslash), enabling directory traversal on Windows systems. Attackers co...

CVSS 9.1 · AI score 9.1 · EPSS 0.01024
Exploits 0 · References 2

CNNVD
added 2024/06/06 12:0 a.m. · 4 views

LoLLMs Operating System Command Injection Vulnerability

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. An operating system command injection vulnerability exists in LoLLMs version 9.3 that stems from improper neutralization of special elements used in operating system commands, which could allow...

CVSS 9.8 · AI score 7.9 · EPSS 0.01219
Exploits 1 · References 2

CNNVD
added 2024/05/30 12:0 a.m. · 4 views

LoLLMs Path Traversal Vulnerability

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A path traversal vulnerability exists in LoLLMs version 9.6, which stems from the listpersonalities endpoint mishandling user-supplied input, and can be exploited by an attacker to traverse the...

CVSS 4 · AI score 4.7 · EPSS 0.00285
Exploits 1 · References 2

CNNVD
added 2024/05/22 12:0 a.m. · 3 views

LoLLMs Command Injection Vulnerability

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A command injection vulnerability exists in LoLLMs that stems from the openfile function not neutralizing special elements used in user uploaded commands...

CVSS 9.8 · AI score 8.6 · EPSS 0.01484
Exploits 1 · References 2

CNNVD
added 2024/05/16 12:0 a.m. · 2 views

LoLLMs Security Vulnerabilities

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A security vulnerability exists in LoLLMs that stems from insufficient cleanup of user-supplied input in configuration settings, allowing an attacker to execute arbitrary code...

CVSS 9.8 · AI score 7.3 · EPSS 0.01123
Exploits 1 · References 2

CNNVD
added 2024/05/16 12:0 a.m. · 1 views

LoLLMs Operating System Command Injection Vulnerability

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. An operating system command injection vulnerability exists in LoLLMs versions prior to 9.5 that stems from incorrect neutralization of special elements used in operating system commands, allowi...

CVSS 8.4 · AI score 8 · EPSS 0.01321
Exploits 1 · References 3

CNNVD
added 2024/05/16 12:0 a.m. · 2 views

LoLLMs Security Vulnerabilities

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A security vulnerability exists in LoLLMs versions prior to 9.3, which stems from insufficient protection of the /applysettings and /executecode endpoints, allowing remote attackers to execute...

CVSS 9.8 · AI score 7.4 · EPSS 0.00968
Exploits 1 · References 3