Lucene search
K

193 matches found

CVE
CVE
added 2026/02/02 10:36 a.m.26 views

CVE-2024-2356

The CVE-2024-2356 family affects parisneo/lollms-webui, with a Local File Inclusion (LFI) in the /reinstall_extension endpoint. The vulnerability targets the name parameter of the POST route, allowing an attacker to inject a malicious value that causes the server to load and execute arbitrary Pyt...

9.6CVSS5.9AI score0.00769EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/07 9:9 a.m.11 views

CVE-2024-2362

A path traversal vulnerability exists in the parisneo/lollms-webui version 9.3 on the Windows platform. Due to improper validation of file paths between Windows and Linux environments, an attacker can exploit this vulnerability to delete any file on the system. The issue arises from the lack of...

9.1CVSS9.1AI score0.0115EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:9 a.m.7 views

CVE-2024-2366

A remote code execution vulnerability exists in the parisneo/lollms-webui application, specifically within the reinstallbinding functionality in lollmscore/lollms/server/endpoints/lollmsbindinginfos.py of the latest version. The vulnerability arises due to insufficient path sanitization, allowing...

9CVSS9.4AI score0.00662EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:8 a.m.8 views

CVE-2024-2358

A path traversal vulnerability in the '/applysettings' endpoint of parisneo/lollms-webui allows attackers to execute arbitrary code. The vulnerability arises due to insufficient sanitization of user-supplied input in the configuration settings, specifically within the 'extensions' parameter...

9.8CVSS8.2AI score0.01123EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-47062

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.00351EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-44422

Malicious code in bioql PyPI...

4CVSS4.8AI score0.00674EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.27 views

EUVD-2024-44421

Malicious code in bioql PyPI...

4.4CVSS5AI score0.00163EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-44033

Malicious code in bioql PyPI...

8.8CVSS5AI score0.00166EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-2983

Malicious code in bioql PyPI...

4.4CVSS4.2AI score0.00316EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-47500

Malicious code in bioql PyPI...

7.5CVSS7.8AI score0.00603EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-47724

Malicious code in bioql PyPI...

6.5CVSS5AI score0.00167EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-27311

Malicious code in bioql PyPI...

9.8CVSS9.5AI score0.01123EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-32022

Malicious code in bioql PyPI...

8.4CVSS8.4AI score0.00825EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2024-2008

Malicious code in bioql PyPI...

4CVSS4.8AI score0.00285EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/23 9:30 a.m.8 views

CVE-2024-4839

A Cross-Site Request Forgery CSRF vulnerability exists in the 'Servers Configurations' function of the parisneo/lollms-webui, versions 9.6 to the latest. The affected functions include Elastic search Service under construction, XTTS service, Petals service, vLLM service, and Motion Ctrl service,...

4.4CVSS4.8AI score0.00163EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 9:26 a.m.7 views

CVE-2024-5933

A Cross-site Scripting XSS vulnerability exists in the chat functionality of parisneo/lollms-webui in the latest version. This vulnerability allows an attacker to inject malicious scripts via chat messages, which are then executed in the context of the user's browser...

6.1CVSS5.2AI score0.00351EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:37 a.m.9 views

CVE-2024-4841

A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'addreferencetolocalmode' function due to the lack of input sanitization. This vulnerability affects versions v9.6 to the latest. By exploiting this vulnerability, an attacker can predict the folders,...

4CVSS4.3AI score0.00674EPSS
Exploits1
NVD
NVD
added 2025/03/20 10:15 a.m.34 views

CVE-2024-8898

A path traversal vulnerability exists in the install and uninstall API endpoints of parisneo/lollms-webui version V12 Strawberry. This vulnerability allows attackers to create or delete directories with arbitrary paths on the system. The issue arises due to insufficient sanitization of...

9.8CVSS0.0075EPSS
Exploits1References2
NVD
NVD
added 2025/03/20 10:15 a.m.5 views

CVE-2024-8581

A vulnerability in the uploadapp function of parisneo/lollms-webui V12 Strawberry allows an attacker to delete any file or directory on the system. The function does not implement user input filtering with the filename value, causing a Path Traversal error...

9.1CVSS0.00899EPSS
Exploits1References2
NVD
NVD
added 2025/03/20 10:15 a.m.21 views

CVE-2024-8736

A Denial of Service DoS vulnerability exists in multiple file upload endpoints of parisneo/lollms-webui version V12 Strawberry. The vulnerability can be exploited remotely via Cross-Site Request Forgery CSRF. Despite CSRF protection preventing file uploads, the application still processes multipa...

7.1CVSS0.00228EPSS
Exploits1References1
Rows per page
Query Builder