
2982 matches found

OSV
added 2024/07/24 7:38 p.m. · 11 views

BIT-SYNCTHING-2022-46165 Cross-site Scripting (XSS) in Web GUI in syncthing

Syncthing is an open source, continuous file synchronization program. In versions prior to 1.23.5 a compromised instance with shared folders could sync malicious files which contain arbitrary HTML and JavaScript in the name. If the owner of another device looks over the shared folder settings and...

CVSS 5.4 · AI score 4.7 · EPSS 0.00778
Exploits: 1 · References: 5

NVD
added 2024/07/02 3:15 p.m. · 32 views

CVE-2024-4897

parisneo/lollms-webui, in its latest version, is vulnerable to remote code execution due to an insecure dependency on llama-cpp-python version llama_cpp_python-0.2.61+cpuavx2-cp311-cp311-manylinux_2_31_x86_64. The vulnerability arises from the application's 'binding_zoo' feature, which allows attackers ...

CVSS 8.4 · EPSS 0.00446
Exploits: 1 · References: 1

Cvelist
added 2024/07/02 2:37 p.m. · 31 views

CVE-2024-4897 Remote Code Execution in parisneo/lollms-webui

parisneo/lollms-webui, in its latest version, is vulnerable to remote code execution due to an insecure dependency on llama-cpp-python version llama_cpp_python-0.2.61+cpuavx2-cp311-cp311-manylinux_2_31_x86_64. The vulnerability arises from the application's 'binding_zoo' feature, which allows attackers ...

CVSS 8.4 · EPSS 0.00446
Exploits: 1 · References: 1

CVE
added 2024/07/02 2:37 p.m. · 51 views

CVE-2024-4897

The CVE-2024-4897 entry affects parisneo/lollms-webui via an insecure dependency on llama-cpp-python (llama_cpp_python-0.2.61+cpuavx2-...), with exploitation possible through the bindings_zoo feature when processing gguf model files. Connected Red Hat CVE-2024-34359 documents explain that the roo...

CVSS 8.4 · AI score 9.4 · EPSS 0.00446
Exploits: 1 · References: 1 · Affected Software: 1

Vulnrichment
added 2024/07/02 2:37 p.m. · 19 views

CVE-2024-4897 Remote Code Execution in parisneo/lollms-webui

parisneo/lollms-webui, in its latest version, is vulnerable to remote code execution due to an insecure dependency on llama-cpp-python version llama_cpp_python-0.2.61+cpuavx2-cp311-cp311-manylinux_2_31_x86_64. The vulnerability arises from the application's 'binding_zoo' feature, which allows attackers ...

CVSS 8.4 · AI score 7.8 · EPSS 0.00446
Exploits: 1 · References: 1

Positive Technologies
added 2024/07/02 12:0 a.m. · 5 views

PT-2024-33304 · Unknown · Llama Cpp Python +1

Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui version affected versions not specified Description: The issue arises from an insecure dependency on llama cpp python version llama cpp python-0.2.61+cpuavx2-cp311-cp311-manylinux 2 31 x86 64. The vulnerability is linked...

CVSS 8.4 · AI score 8.8 · EPSS 0.00446
Exploits: 1 · References: 3

NVD
added 2024/06/27 7:15 p.m. · 30 views

CVE-2024-6250

An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the open_file endpoint of lollms_advanced.py. The sanitize_path function with allow_absolute_path=True allows an attacker to access arbitrary files and directories on a Windows system. This vulnerability can...

CVSS 7.5 · EPSS 0.01957
Exploits: 1 · References: 1

OSV
added 2024/06/27 7:15 p.m. · 4 views

CVE-2024-6250

An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the open_file endpoint of lollms_advanced.py. The sanitize_path function with allow_absolute_path=True allows an attacker to access arbitrary files and directories on a Windows system. This vulnerability can...

CVSS 7.5 · AI score 7.4
Exploits: 0 · References: 1

NVD
added 2024/06/27 7:15 p.m. · 19 views

CVE-2024-5933

A Cross-site Scripting (XSS) vulnerability exists in the chat functionality of parisneo/lollms-webui in the latest version. This vulnerability allows an attacker to inject malicious scripts via chat messages, which are then executed in the context of the user's browser...

CVSS 6.1 · EPSS 0.00351
Exploits: 1 · References: 1

OSV
added 2024/06/27 7:15 p.m. · 6 views

CVE-2024-5933

A Cross-site Scripting (XSS) vulnerability exists in the chat functionality of parisneo/lollms-webui in the latest version. This vulnerability allows an attacker to inject malicious scripts via chat messages, which are then executed in the context of the user's browser...

CVSS 5.4 · AI score 5.8 · EPSS 0.00351
Exploits: 1 · References: 1

Vulnrichment
added 2024/06/27 6:46 p.m. · 16 views

CVE-2024-5933 Cross-site Scripting (XSS) in parisneo/lollms-webui

A Cross-site Scripting (XSS) vulnerability exists in the chat functionality of parisneo/lollms-webui in the latest version. This vulnerability allows an attacker to inject malicious scripts via chat messages, which are then executed in the context of the user's browser...

CVSS 6.1 · AI score 6 · EPSS 0.00351
Exploits: 1 · References: 1

CVE
added 2024/06/27 6:46 p.m. · 51 views

CVE-2024-5933

CVE-2024-5933 affects parisneo/lollms-webui (chat functionality). The connected documents consistently describe a Cross-site Scripting (XSS) vulnerability where chat messages can inject and execute malicious scripts in the user’s browser. Root cause is un-sanitized input in the chat path of the w...

CVSS 6.1 · AI score 5.6 · EPSS 0.00351
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2024/06/27 6:46 p.m. · 31 views

CVE-2024-5933 Cross-site Scripting (XSS) in parisneo/lollms-webui

A Cross-site Scripting (XSS) vulnerability exists in the chat functionality of parisneo/lollms-webui in the latest version. This vulnerability allows an attacker to inject malicious scripts via chat messages, which are then executed in the context of the user's browser...

CVSS 6.1 · EPSS 0.00351
Exploits: 1 · References: 1

Vulnrichment
added 2024/06/27 6:41 p.m. · 12 views

CVE-2024-6250 Absolute Path Traversal in parisneo/lollms-webui

An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the open_file endpoint of lollms_advanced.py. The sanitize_path function with allow_absolute_path=True allows an attacker to access arbitrary files and directories on a Windows system. This vulnerability can...

CVSS 7.5 · AI score 6.8 · EPSS 0.01957
Exploits: 1 · References: 1

Cvelist
added 2024/06/27 6:41 p.m. · 33 views

CVE-2024-6250 Absolute Path Traversal in parisneo/lollms-webui

An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the open_file endpoint of lollms_advanced.py. The sanitize_path function with allow_absolute_path=True allows an attacker to access arbitrary files and directories on a Windows system. This vulnerability can...

CVSS 7.5 · EPSS 0.01957
Exploits: 1 · References: 1

CVE
added 2024/06/27 6:41 p.m. · 56 views

CVE-2024-6250

Summary (fact-grounded): CVE-2024-6250 affects parisneo/lollms-webui version 9.6. The vulnerability is an absolute path traversal in the open_file endpoint of lollms_advanced.py, where the sanitize_path function with allow_absolute_path=True enables reading arbitrary files and listing directories...

CVSS 7.5 · AI score 7.4 · EPSS 0.01957
In wild · Exploits: 1 · References: 1 · Affected Software: 1

CNNVD
added 2024/06/27 12:0 a.m. · 4 views

LoLLMs Cross-Site Scripting Vulnerability

LoLLMs is a web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A cross-site scripting vulnerability exists in lollms-webui that originates from a vulnerability that allows an attacker to inject malicious script via a chat message and then execute it in the...

CVSS 6.1 · AI score 6.2 · EPSS 0.00351
Exploits: 1 · References: 2

Positive Technologies
added 2024/06/27 12:0 a.m. · 5 views

PT-2024-37248 · Parisneo · Lollms-Webui

Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui version latest Description: A Cross-site Scripting XSS issue exists in the chat functionality, allowing an attacker to inject malicious scripts via chat messages. These scripts are then executed in the context of the...

CVSS 6.1 · AI score 6.4 · EPSS 0.00351
Exploits: 1 · References: 3

Positive Technologies
added 2024/06/27 12:0 a.m. · 7 views

PT-2024-37482

Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui version 9.6 Description: An absolute path traversal issue exists, specifically in the "open file" endpoint of "lollms advanced.py". The sanitize path function with allow absolute path=True allows an attacker to access...

CVSS 7.5 · AI score 6 · EPSS 0.01957
Exploits: 1 · References: 4

Vulnrichment
added 2024/06/25 7:55 p.m. · 13 views

CVE-2024-4498 Path Traversal and RFI Vulnerability in parisneo/lollms-webui

A Path Traversal and Remote File Inclusion (RFI) vulnerability exists in the parisneo/lollms-webui application, affecting versions v9.7 to the latest. The vulnerability arises from insufficient input validation in the /apply_settings function, allowing an attacker to manipulate the discussion_db_name...

CVSS 7.7 · AI score 8.2 · EPSS 0.00489
Exploits: 1 · References: 1