2984 matches found

Cvelist
added 2024/04/10 5:8 p.m. · 17 views

CVE-2024-1520 OS Command Injection in parisneo/lollms-webui

An OS Command Injection vulnerability exists in the '/open_code_folder' endpoint of the parisneo/lollms-webui application, due to improper validation of user-supplied input in the 'discussion_id' parameter. Attackers can exploit this vulnerability by injecting malicious OS commands, leading to...

9.8 CVSS · 9.7 AI score · 0.48214 EPSS
Exploits 1 · References 2
Vulnrichment
added 2024/04/10 5:8 p.m. · 9 views

CVE-2024-1520 OS Command Injection in parisneo/lollms-webui

An OS Command Injection vulnerability exists in the '/open_code_folder' endpoint of the parisneo/lollms-webui application, due to improper validation of user-supplied input in the 'discussion_id' parameter. Attackers can exploit this vulnerability by injecting malicious OS commands, leading to...

9.8 CVSS · 9.4 AI score · 0.48214 EPSS
Exploits 1 · References 2
CVE
added 2024/04/10 5:8 p.m. · 82 views

CVE-2024-1520

The CVE-2024-1520 entry concerns an OS command injection in parisneo/lollms-webui, via improper validation of the discussion_id parameter on the /open_code_folder endpoint. The affected component is the web UI’s input handling, allowing an attacker to inject OS commands and achieve remote code execut...

9.8 CVSS · 9.3 AI score · 0.48214 EPSS
Exploits 1 · References 2 · Affected Software 1
CVE
added 2024/04/10 5:8 p.m. · 85 views

CVE-2024-1602

CVE-2024-1602 affects parisneo/lollms-webui, with a stored XSS that leads to Remote Code Execution. An attacker can exploit inadequate sanitization/validation of model output data to inject JavaScript that runs in the user’s browser and can trigger a request to /execute_code to establish a reverse s...

8.8 CVSS · 6.4 AI score · 0.00724 EPSS
Exploits 1 · References 1 · Affected Software 1
Vulnrichment
added 2024/04/10 5:8 p.m. · 11 views

CVE-2024-1602 Stored XSS leading to RCE in parisneo/lollms-webui

parisneo/lollms-webui is vulnerable to stored Cross-Site Scripting (XSS) that leads to Remote Code Execution (RCE). The vulnerability arises due to inadequate sanitization and validation of model output data, allowing an attacker to inject malicious JavaScript code. This code can be executed within t...

8.8 CVSS · 6.5 AI score · 0.00724 EPSS
Exploits 1 · References 1
Cvelist
added 2024/04/10 5:8 p.m. · 16 views

CVE-2024-1511 Path Traversal Vulnerability in parisneo/lollms-webui

The parisneo/lollms-webui repository is susceptible to a path traversal vulnerability due to inadequate validation of user-supplied file paths. This flaw allows an unauthenticated attacker to read, write, and in certain configurations execute arbitrary files on the server by exploiting various...

9.8 CVSS · 9.6 AI score · 0.00981 EPSS
Exploits 1 · References 1
Vulnrichment
added 2024/04/10 5:8 p.m. · 12 views

CVE-2024-1511 Path Traversal Vulnerability in parisneo/lollms-webui

The parisneo/lollms-webui repository is susceptible to a path traversal vulnerability due to inadequate validation of user-supplied file paths. This flaw allows an unauthenticated attacker to read, write, and in certain configurations execute arbitrary files on the server by exploiting various...

9.8 CVSS · 7.5 AI score · 0.00981 EPSS
Exploits 1 · References 1
CVE
added 2024/04/10 5:7 p.m. · 78 views

CVE-2024-1600

The CVE-2024-1600 vulnerability affects parisneo/lollms-webui, specifically the /personalities route, where improper validation of a filename used in include/require enables Local File Inclusion (LFI) via directory traversal (../../) to read arbitrary filesystem files accessible by the web server...

9.3 CVSS · 8.9 AI score · 0.31087 EPSS
Exploits 1 · References 2 · Affected Software 1
Vulnrichment
added 2024/04/10 5:7 p.m. · 9 views

CVE-2024-1600 Local File Inclusion in parisneo/lollms-webui

A Local File Inclusion (LFI) vulnerability exists in the parisneo/lollms-webui application, specifically within the /personalities route. An attacker can exploit this vulnerability by crafting a URL that includes directory traversal sequences (../../) followed by the desired system file path, URL...

9.3 CVSS · 6.8 AI score · 0.31087 EPSS
Exploits 1 · References 2
Cvelist
added 2024/04/10 5:7 p.m. · 14 views

CVE-2024-1600 Local File Inclusion in parisneo/lollms-webui

A Local File Inclusion (LFI) vulnerability exists in the parisneo/lollms-webui application, specifically within the /personalities route. An attacker can exploit this vulnerability by crafting a URL that includes directory traversal sequences (../../) followed by the desired system file path, URL...

9.3 CVSS · 9.3 AI score · 0.31087 EPSS
Exploits 1 · References 2
CNNVD
added 2024/04/10 12:0 a.m. · 3 views

lollms-webui security vulnerability

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A security vulnerability exists in lollms-webui. An attacker exploiting this vulnerability could read any file on a file system accessible to the web server...

9.3 CVSS · 9.1 AI score · 0.31087 EPSS
Exploits 1 · References 3
Positive Technologies
added 2024/04/10 12:0 a.m. · 4 views

PT-2024-18108 · Unknown · Parisneo/Lollms-Webui

Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui (affected versions not specified)
Description: An issue exists in the '/open_code_folder' endpoint of the parisneo/lollms-webui application, due to improper validation of user-supplied input in the discussion_id parameter...

9.8 CVSS · 9.2 AI score · 0.48214 EPSS
Exploits 1 · References 8
Positive Technologies
added 2024/04/10 12:0 a.m. · 7 views

PT-2024-18161 · Unknown · Parisneo/Lollms-Webui

Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui (affected versions not specified)
Description: A Local File Inclusion (LFI) vulnerability exists in the parisneo/lollms-webui application, specifically within the /personalities route. An attacker can exploit this...

9.3 CVSS · 9.2 AI score · 0.31087 EPSS
Exploits 1 · References 7
CNNVD
added 2024/04/10 12:0 a.m. · 5 views

lollms-webui security vulnerability

LoLLMs is a Web UI for a large language multi-model system by the individual developer Saifeddine ALOUI. A security vulnerability exists in lollms-webui that stems from inadequate cleaning and validation of model output data...

8.8 CVSS · 8.7 AI score · 0.00724 EPSS
Exploits 1 · References 2
Cvelist
added 2024/03/30 6:2 p.m. · 21 views

CVE-2024-1522 Cross-Site Request Forgery (CSRF) Leading to Remote Code Execution in parisneo/lollms-webui

A Cross-Site Request Forgery (CSRF) vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. The vulnerability stems from the /execute_code API endpoint, which does not properly validate requests, enabling an attacker to craft a...

8.8 CVSS · 9.2 AI score · 0.00445 EPSS
Exploits 1 · References 2
Vulnrichment
added 2024/03/30 6:2 p.m. · 21 views

CVE-2024-1522 Cross-Site Request Forgery (CSRF) Leading to Remote Code Execution in parisneo/lollms-webui

A Cross-Site Request Forgery (CSRF) vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. The vulnerability stems from the /execute_code API endpoint, which does not properly validate requests, enabling an attacker to craft a...

8.8 CVSS · 8 AI score · 0.00445 EPSS
Exploits 1 · References 2
Positive Technologies
added 2024/03/30 12:0 a.m. · 6 views

PT-2024-18110 · Unknown · Lollms-Webui

Name of the Vulnerable Software and Affected Versions: lollms-webui (affected versions not specified)
Description: A Cross-Site Request Forgery (CSRF) issue in the lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. The issue stems from the "/execute_code" API...

8.8 CVSS · 9.2 AI score · 0.00445 EPSS
Exploits 1 · References 7
Positive Technologies
added 2024/03/18 12:0 a.m. · 8 views

PT-2024-3607 · Unknown · Open-Webui

Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.1.117
Description: The issue is related to an authenticated blind server-side request forgery vulnerability. It involves the download file stream function in the backend/apps/web/routers/utils.py file of the Ope...

7.5 CVSS · 6.4 AI score · 0.00412 EPSS
Exploits 1 · References 10
NVD
added 2024/03/13 7:15 p.m. · 16 views

CVE-2024-0800

A path traversal vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.servlet.ImportNodeServlet...

8.8 CVSS · 8.7 AI score · 0.01034 EPSS
Exploits 1 · References 1
Prion
added 2024/03/13 7:15 p.m. · 11 views

Path traversal

A path traversal vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.servlet.ImportNodeServlet...

6.5 CVSS · 7.2 AI score · 0.01034 EPSS
Exploits 1 · References 1