
2982 matches found

RedhatCVE
added 2025/02/05 12:18 a.m. · 4 views

CVE-2024-4326

A vulnerability in parisneo/lollms-webui versions up to 9.3 allows remote attackers to execute arbitrary code. The vulnerability stems from insufficient protection of the /applysettings and /executecode endpoints. Attackers can bypass protections by setting the host to localhost, enabling code...

9.8 CVSS · 9.7 AI score · 0.00968 EPSS
Exploits 1
RedhatCVE
added 2025/02/05 12:16 a.m. · 6 views

CVE-2024-4267

A remote code execution (RCE) vulnerability exists in the parisneo/lollms-webui, specifically within the 'openfile' module, version 9.5. The vulnerability arises due to improper neutralization of special elements used in a command within the 'openfile' function. An attacker can exploit this...

8.4 CVSS · 8.7 AI score · 0.01484 EPSS
Exploits 1
RedhatCVE
added 2025/02/05 12:1 a.m. · 11 views

CVE-2024-4897

parisneo/lollms-webui, in its latest version, is vulnerable to remote code execution due to an insecure dependency on llama-cpp-python version llamacpppython-0.2.61+cpuavx2-cp311-cp311-manylinux231x8664. The vulnerability arises from the application's 'bindingzoo' feature, which allows attackers ...

9.6 CVSS · 8.7 AI score · 0.2842 EPSS
Exploits 2
RedhatCVE
added 2025/02/04 11:6 p.m. · 9 views

CVE-2024-0799

An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin function within wizardLogin...

9.8 CVSS · 7.2 AI score · 0.04342 EPSS
Exploits 1 · References 1
RedhatCVE
added 2025/02/04 10:57 p.m. · 9 views

CVE-2024-0800

A path traversal vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.servlet.ImportNodeServlet...

8.8 CVSS · 7 AI score · 0.01034 EPSS
Exploits 1 · References 1
vulnersOsv
added 2025/01/31 5:34 p.m. · 3 views

com.bertoncelj.wildflysingletonservice:wildfly-singleton-service (=1.0.1), com.puresoltechnologies.purifinity.server:systemmonitor.test (>=0.4.0 <=0.4.1) +165 more potentially affected by CVE-2025-23367 via org.wildfly.core:wildfly-server (>=1.0.0.Alpha16 <=27.0.0.Final)

org.wildfly.core:wildfly-server MAVEN version =1.0.0.Alpha16, =0.4.0, =0.4.0, =0.4.0, =1.2.0, =0.1.0, =0.1.0, =0.12.0.Final, =0.1.0, =1.0.0.Alpha7, =0.1.0, =1.0.0.Alpha7, =1.0.0.Alpha8 and more Source cves: CVE-2025-23367 Source advisory: OSV:GHSA-QR6X-62GQ-4CCP...

6.5 CVSS · 6.5 AI score · 0.00621 EPSS
Exploits 0
Positive Technologies
added 2024/12/10 12:0 a.m. · 6 views

PT-2024-35974 · Barco · Barco Clickshare Core +5

Name of the Vulnerable Software and Affected Versions: Barco ClickShare CX-30/20, C-5/10, ClickShare Bar Pro, and Core models versions prior to 2.21.1 Description: An injection vulnerability allows physically proximate attackers or local admins to the webUI to trigger OS-level command execution a...

7.6 CVSS · 7.3 AI score · 0.00433 EPSS
Exploits 0 · References 6
CNVD
added 2024/11/26 12:0 a.m. · 7 views

Open WebUI SSRF Vulnerability

Open WebUI is a scalable, feature-rich, user-friendly self-hosted web user interface designed to operate completely offline. Open WebUI suffers from an SSRF vulnerability that can be exploited by an attacker to potentially compromise the confidentiality, availability, and integrity of the system...

7 AI score
Exploits 0 · References 1
NVD
added 2024/11/14 6:15 p.m. · 15 views

CVE-2024-5125

parisneo/lollms-webui version 9.6 is vulnerable to Cross-Site Scripting (XSS) and Open Redirect due to inadequate input validation and processing of SVG files during the upload process. The XSS vulnerability allows attackers to embed malicious JavaScript code within SVG files, which is executed upo...

7.3 CVSS · 0.00312 EPSS
Exploits 1 · References 2
OSV
added 2024/11/14 6:15 p.m. · 9 views

CVE-2024-5125

parisneo/lollms-webui version 9.6 is vulnerable to Cross-Site Scripting (XSS) and Open Redirect due to inadequate input validation and processing of SVG files during the upload process. The XSS vulnerability allows attackers to embed malicious JavaScript code within SVG files, which is executed upo...

7.3 CVSS · 5.6 AI score
Exploits 0 · References 2
CVE
added 2024/11/14 5:36 p.m. · 46 views

CVE-2024-5125

CVE-2024-5125 affects parisneo/lollms-webui version 9.6, where SVG processing during file upload enables two issues: Cross‑Site Scripting (XSS) and Open Redirect. The root cause is inadequate input validation and handling of SVG files in the upload flow, allowing embedded JavaScript execution and...

7.3 CVSS · 6.7 AI score · 0.00312 EPSS
Exploits 1 · References 2 · Affected Software 1
Vulnrichment
added 2024/11/14 5:36 p.m. · 12 views

CVE-2024-5125 XSS and Open Redirect via SVG File Upload in parisneo/lollms-webui

parisneo/lollms-webui version 9.6 is vulnerable to Cross-Site Scripting (XSS) and Open Redirect due to inadequate input validation and processing of SVG files during the upload process. The XSS vulnerability allows attackers to embed malicious JavaScript code within SVG files, which is executed upo...

7.3 CVSS · 5.7 AI score · 0.00312 EPSS
Exploits 1 · References 2
OSV
added 2024/11/08 3:1 p.m. · 18 views

OPENSUSE-SU-2024:0358-1 Security update for qbittorrent

This update for qbittorrent fixes the following issues: - Update to version 5.0.1 fixes boo1232731 CVE-2024-51774 Added features: Add 'Simple pread/pwrite' disk IO type Bug fixes: Don't ignore SSL errors boo1232731 CVE-2024-51774 Don't try to apply Mark-of-the-Web to nonexistent files Disable 'Mo...

8.1 CVSS · 8.1 AI score · 0.03295 EPSS
Exploits 2 · References 3
NVD
added 2024/10/29 1:15 p.m. · 21 views

CVE-2024-6674

A CORS misconfiguration in parisneo/lollms-webui prior to version 10 allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from other services. This vulnerability can also enable attackers to perform actions on behalf of a user,...

8.1 CVSS · 0.00242 EPSS
Exploits 1 · References 2
NVD
added 2024/10/29 1:15 p.m. · 24 views

CVE-2024-6673

A Cross-Site Request Forgery (CSRF) vulnerability exists in the install_comfyui endpoint of the lollms_comfyui.py file in the parisneo/lollms-webui repository, versions v9.9 to the latest. The endpoint uses the GET method without requiring a client ID, allowing an attacker to trick a victim into...

6.5 CVSS · 0.00167 EPSS
Exploits 1 · References 2
OSV
added 2024/10/29 1:15 p.m. · 12 views

CVE-2024-6674

A CORS misconfiguration in parisneo/lollms-webui prior to version 10 allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from other services. This vulnerability can also enable attackers to perform actions on behalf of a user,...

7.1 CVSS · 6.3 AI score
Exploits 0 · References 2
OSV
added 2024/10/29 1:15 p.m. · 15 views

CVE-2024-6673

A Cross-Site Request Forgery (CSRF) vulnerability exists in the install_comfyui endpoint of the lollms_comfyui.py file in the parisneo/lollms-webui repository, versions v9.9 to the latest. The endpoint uses the GET method without requiring a client ID, allowing an attacker to trick a victim into...

6.5 CVSS · 6.9 AI score
Exploits 0 · References 2
Vulnrichment
added 2024/10/29 12:50 p.m. · 14 views

CVE-2024-6673 CSRF Vulnerability in parisneo/lollms-webui

A Cross-Site Request Forgery (CSRF) vulnerability exists in the install_comfyui endpoint of the lollms_comfyui.py file in the parisneo/lollms-webui repository, versions v9.9 to the latest. The endpoint uses the GET method without requiring a client ID, allowing an attacker to trick a victim into...

4.4 CVSS · 7.2 AI score · 0.00167 EPSS
Exploits 1 · References 2
Cvelist
added 2024/10/29 12:50 p.m. · 20 views

CVE-2024-6673 CSRF Vulnerability in parisneo/lollms-webui

A Cross-Site Request Forgery (CSRF) vulnerability exists in the install_comfyui endpoint of the lollms_comfyui.py file in the parisneo/lollms-webui repository, versions v9.9 to the latest. The endpoint uses the GET method without requiring a client ID, allowing an attacker to trick a victim into...

4.4 CVSS · 0.00167 EPSS
Exploits 1 · References 2
CVE
added 2024/10/29 12:50 p.m. · 50 views

CVE-2024-6673

CVE-2024-6673 describes a CSRF vulnerability in the Parisneo LoLLMS WebUI. The issue exists in the install_comfyui endpoint of the lollms_comfyui.py file and is triggered via a GET request without client authentication, allowing an attacker to coerce a user into installing ComfyUI. Affected versi...

6.5 CVSS · 5 AI score · 0.00167 EPSS
Exploits 1 · References 2 · Affected Software 1