
6 matches found

OSV
added 2024/07/02 3:15 p.m. · 4 views

CVE-2024-4897

parisneo/lollms-webui, in its latest version, is vulnerable to remote code execution due to an insecure dependency on llama-cpp-python version llama_cpp_python-0.2.61+cpuavx2-cp311-cp311-manylinux_2_31_x86_64. The vulnerability arises from the application's 'bindingzoo' feature, which allows attackers ...

CVSS: 8.4 · AI score: 8.6
Exploits: 0 · References: 1

Positive Technologies
added 2024/07/02 12:0 a.m. · 1 view

PT-2024-33304 · Unknown · Llama Cpp Python +1

Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui version affected versions not specified Description: The issue arises from an insecure dependency on llama cpp python version llama_cpp_python-0.2.61+cpuavx2-cp311-cp311-manylinux_2_31_x86_64. The vulnerability is linked...

CVSS: 8.4 · AI score: 8.8 · EPSS: 0.00764
Exploits: 1 · References: 3

NVD
added 2024/06/10 3:15 p.m. · 21 views

CVE-2024-4403

A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v9.6. This vulnerability allows attackers to trick users into performing unintended actions, such as resetting the program without their knowledge, by sending specially crafted CSRF...

CVSS: 8.8 · EPSS: 0.00055
Exploits: 1 · References: 1

Vulnrichment
added 2024/06/10 2:43 p.m. · 16 views

CVE-2024-4403 CSRF in restart_program in parisneo/lollms-webui

A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v9.6. This vulnerability allows attackers to trick users into performing unintended actions, such as resetting the program without their knowledge, by sending specially crafted CSRF...

CVSS: 4.4 · AI score: 6.9 · EPSS: 0.00055
Exploits: 1 · References: 1

Cvelist
added 2024/06/10 2:43 p.m. · 14 views

CVE-2024-4403 CSRF in restart_program in parisneo/lollms-webui

A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v9.6. This vulnerability allows attackers to trick users into performing unintended actions, such as resetting the program without their knowledge, by sending specially crafted CSRF...

CVSS: 4.4 · EPSS: 0.00055
Exploits: 1 · References: 1

CVE
added 2024/06/10 2:43 p.m. · 47 views

CVE-2024-4403

CVE-2024-4403 affects the ParisNeo/LollMS-WebUI, v9.6. The issue is a CSRF vulnerability in the restart_program function, which can be triggered to cause unintended actions (e.g., resetting the program) by sending crafted CSRF forms. The flaw is attributed to a lack of CSRF protection in the aff...

CVSS: 8.8 · AI score: 4.6 · EPSS: 0.00055
Exploits: 1 · References: 1 · Affected Software: 1