Lucene search
K

571 matches found

NVD
NVD
added 2026/03/24 5:16 p.m.4 views

CVE-2026-33340

LoLLMs WEBUI provides the Web user interface for Lord of Large Language and Multi modal Systems. A critical Server-Side Request Forgery SSRF vulnerability has been identified in all known existing versions of lollms-webui. The @router.post"/api/proxy" endpoint allows unauthenticated attackers to...

9.1CVSS0.21629EPSS
Exploits3References2
EUVD
EUVD
added 2026/03/24 3:58 p.m.4 views

EUVD-2026-14928

LoLLMs WEBUI provides the Web user interface for Lord of Large Language and Multi modal Systems. A critical Server-Side Request Forgery SSRF vulnerability has been identified in all known existing versions of lollms-webui. The @router.post"/api/proxy" endpoint allows unauthenticated attackers to...

9.1CVSS5.9AI score0.21629EPSS
Exploits3References2
Cvelist
Cvelist
added 2026/03/24 3:58 p.m.20 views

CVE-2026-33340 LoLLMs WEBUI has unauthenticated Server-Side Request Forgery (SSRF) in /api/proxy endpoint

LoLLMs WEBUI provides the Web user interface for Lord of Large Language and Multi modal Systems. A critical Server-Side Request Forgery SSRF vulnerability has been identified in all known existing versions of lollms-webui. The @router.post"/api/proxy" endpoint allows unauthenticated attackers to...

9.1CVSS0.21629EPSS
Exploits3References2
ATTACKERKB
ATTACKERKB
added 2026/03/24 3:58 p.m.3 views

CVE-2026-33340

LoLLMs WEBUI provides the Web user interface for Lord of Large Language and Multi modal Systems. A critical Server-Side Request Forgery SSRF vulnerability has been identified in all known existing versions of lollms-webui. The @router.post"/api/proxy" endpoint allows unauthenticated attackers to...

9.1CVSS5.9AI score0.21629EPSS
Exploits3References3
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.5 views

PT-2026-27456

Name of the Vulnerable Software and Affected Versions LoLLMs WEBUI affected versions not specified Description LoLLMs WEBUI, the web user interface for Lord of Large Language and Multi modal Systems, contains a Server-Side Request Forgery SSRF issue. An unauthenticated attacker can exploit this t...

9.1CVSS5.9AI score0.21629EPSS
Exploits3References8
VulnCheck KEV
VulnCheck KEV
added 2026/02/20 12:0 a.m.13 views

VulnCheck KEV: CVE-2024-6250

An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the openfile endpoint of lollmsadvanced.py. The sanitizepath function with allowabsolutepath=True allows an attacker to access arbitrary files and directories on a Windows system. This vulnerability can...

7.5CVSS5.9AI score0.01957EPSS
In wildExploits1References2
RedhatCVE
RedhatCVE
added 2026/02/03 3:18 p.m.8 views

CVE-2026-1117

A vulnerability in the lollmsgenerationevents.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The addevents function registers event handlers such as generatetext, cancelgeneration, generatemsg, and generatemsgfrom without implementing...

8.2CVSS5.5AI score0.00436EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/03 3:18 p.m.24 views

CVE-2024-2356

A Local File Inclusion LFI vulnerability exists in the '/reinstallextension' endpoint of the parisneo/lollms-webui application, specifically within the name parameter of the @router.post"/reinstallextension" route. This vulnerability allows attackers to inject a malicious name parameter, leading ...

9.6CVSS5.9AI score0.00769EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/02/02 12:31 p.m.6 views

Lollms has an Improper Access Control vulnerability

A vulnerability in the lollmsgenerationevents.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The addevents function registers event handlers such as generatetext, cancelgeneration, generatemsg, and generatemsgfrom without implementing...

8.2CVSS5.5AI score0.00436EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/02/02 10:36 a.m.29 views

CVE-2024-2356 Remote Code Execution due to LFI in '/reinstall_extension' in parisneo/lollms-webui

A Local File Inclusion LFI vulnerability exists in the '/reinstallextension' endpoint of the parisneo/lollms-webui application, specifically within the name parameter of the @router.post"/reinstallextension" route. This vulnerability allows attackers to inject a malicious name parameter, leading ...

9.6CVSS0.00769EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/02 10:36 a.m.4 views

CVE-2024-2356

A Local File Inclusion LFI vulnerability exists in the '/reinstallextension' endpoint of the parisneo/lollms-webui application, specifically within the name parameter of the @router.post"/reinstallextension" route. This vulnerability allows attackers to inject a malicious name parameter, leading ...

9.6CVSS5.9AI score0.00769EPSS
Exploits0References3
CVE
CVE
added 2026/02/02 10:36 a.m.24 views

CVE-2024-2356

The CVE-2024-2356 family affects parisneo/lollms-webui, with a Local File Inclusion (LFI) in the /reinstall_extension endpoint. The vulnerability targets the name parameter of the POST route, allowing an attacker to inject a malicious value that causes the server to load and execute arbitrary Pyt...

9.6CVSS5.9AI score0.00769EPSS
Exploits0References2
NVD
NVD
added 2026/02/02 10:16 a.m.10 views

CVE-2026-1117

A vulnerability in the lollmsgenerationevents.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The addevents function registers event handlers such as generatetext, cancelgeneration, generatemsg, and generatemsgfrom without implementing...

8.2CVSS0.00436EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/02 9:55 a.m.27 views

CVE-2026-1117 Improper Access Control in parisneo/lollms

A vulnerability in the lollmsgenerationevents.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The addevents function registers event handlers such as generatetext, cancelgeneration, generatemsg, and generatemsgfrom without implementing...

8.2CVSS0.00436EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/02 9:55 a.m.4 views

CVE-2026-1117 Improper Access Control in parisneo/lollms

A vulnerability in the lollmsgenerationevents.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The addevents function registers event handlers such as generatetext, cancelgeneration, generatemsg, and generatemsgfrom without implementing...

8.2CVSS5.5AI score0.00436EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/02 9:55 a.m.4 views

CVE-2026-1117

A vulnerability in the lollmsgenerationevents.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The addevents function registers event handlers such as generatetext, cancelgeneration, generatemsg, and generatemsgfrom without implementing...

8.2CVSS5.5AI score0.00436EPSS
Exploits0References3
EUVD
EUVD
added 2026/02/02 9:55 a.m.7 views

EUVD-2026-5096

A vulnerability in the lollmsgenerationevents.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The addevents function registers event handlers such as generatetext, cancelgeneration, generatemsg, and generatemsgfrom without implementing...

8.2CVSS5.5AI score0.00436EPSS
Exploits0References2
CVE
CVE
added 2026/02/02 9:55 a.m.20 views

CVE-2026-1117

The CVE-2026-1117 entry describes a vulnerability in parisneo/lollms (version 5.9.0) where the lollms_generation_events.py component registers Socket.IO events (generate_text, cancel_generation, generate_msg, generate_msg_from) without authentication/authorization checks. This allows unauthentica...

8.2CVSS7.9AI score0.00436EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/02 12:0 a.m.7 views

LoLLMs WEBUI 访问控制错误漏洞

LoLLMs WEBUI is a web user interface developed by Saifeddine ALOUI. Version 5.9.0 of LoLLMs WEBUI contains an access control vulnerability; this vulnerability stems from the lack of authentication and authorization checks in the lollmsgenerationevents.py component, which may lead to...

8.2CVSS7.2AI score0.00436EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/02 12:0 a.m.8 views

LoLLMs WEBUI 安全漏洞

LoLLMs WEBUI is a large-scale model web user interface developed by Saifeddine ALOUI, which supports integration of multiple models and modalities. LoLLMs WEBUI has a security vulnerability; this vulnerability stems from the name parameter in the /reinstallextension endpoint containing local file...

9.6CVSS7.8AI score0.00769EPSS
Exploits0References3
Rows per page
Query Builder