EUVD-2024-2301

Malicious code in bioql PyPI...

CVE-2024-6281

A path traversal vulnerability exists in the applysettings function of parisneo/lollms versions prior to 9.5.1. The sanitizepath function does not adequately secure the discussiondbname parameter, allowing attackers to manipulate the path and potentially write to important system folders...

CVE-2024-6281 Path Traversal in parisneo/lollms

A path traversal vulnerability exists in the applysettings function of parisneo/lollms versions prior to 9.5.1. The sanitizepath function does not adequately secure the discussiondbname parameter, allowing attackers to manipulate the path and potentially write to important system folders...

PT-2024-37509 · Parisneo · Lollms

Name of the Vulnerable Software and Affected Versions: parisneo/lollms versions prior to 9.5.1 Description: A path traversal issue exists in the apply settings function. The sanitize path function does not adequately secure the discussion db name parameter, allowing attackers to manipulate the pa...

LoLLMs Path Traversal Vulnerability

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A path traversal vulnerability exists in LoLLMs versions prior to 9.7, which stems from insufficient input validation in the /applysettings function, allowing an attacker to traverse the file...

LoLLMs Security Vulnerabilities

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A security vulnerability exists in LoLLMs versions prior to 9.5, which stems from insufficient cleanup of the config parameter in the /applysettings function, allowing an attacker to manipulate...

LoLLMs Security Vulnerabilities

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A security vulnerability exists in LoLLMs versions prior to 9.3, which stems from insufficient protection of the /applysettings and /executecode endpoints, allowing remote attackers to execute...