193 matches found
CVE-2024-2356
The CVE-2024-2356 family affects parisneo/lollms-webui, with a Local File Inclusion (LFI) in the /reinstall_extension endpoint. The vulnerability targets the name parameter of the POST route, allowing an attacker to inject a malicious value that causes the server to load and execute arbitrary Pyt...
CVE-2024-2362
A path traversal vulnerability exists in the parisneo/lollms-webui version 9.3 on the Windows platform. Due to improper validation of file paths between Windows and Linux environments, an attacker can exploit this vulnerability to delete any file on the system. The issue arises from the lack of...
CVE-2024-2366
A remote code execution vulnerability exists in the parisneo/lollms-webui application, specifically within the reinstallbinding functionality in lollmscore/lollms/server/endpoints/lollmsbindinginfos.py of the latest version. The vulnerability arises due to insufficient path sanitization, allowing...
CVE-2024-2358
A path traversal vulnerability in the '/applysettings' endpoint of parisneo/lollms-webui allows attackers to execute arbitrary code. The vulnerability arises due to insufficient sanitization of user-supplied input in the configuration settings, specifically within the 'extensions' parameter...
EUVD-2024-47062
Malicious code in bioql PyPI...
EUVD-2024-44422
Malicious code in bioql PyPI...
EUVD-2024-44421
Malicious code in bioql PyPI...
EUVD-2024-44033
Malicious code in bioql PyPI...
EUVD-2024-2983
Malicious code in bioql PyPI...
EUVD-2024-47500
Malicious code in bioql PyPI...
EUVD-2024-47724
Malicious code in bioql PyPI...
EUVD-2024-27311
Malicious code in bioql PyPI...
EUVD-2024-32022
Malicious code in bioql PyPI...
EUVD-2024-2008
Malicious code in bioql PyPI...
CVE-2024-4839
A Cross-Site Request Forgery CSRF vulnerability exists in the 'Servers Configurations' function of the parisneo/lollms-webui, versions 9.6 to the latest. The affected functions include Elastic search Service under construction, XTTS service, Petals service, vLLM service, and Motion Ctrl service,...
CVE-2024-5933
A Cross-site Scripting XSS vulnerability exists in the chat functionality of parisneo/lollms-webui in the latest version. This vulnerability allows an attacker to inject malicious scripts via chat messages, which are then executed in the context of the user's browser...
CVE-2024-4841
A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'addreferencetolocalmode' function due to the lack of input sanitization. This vulnerability affects versions v9.6 to the latest. By exploiting this vulnerability, an attacker can predict the folders,...
CVE-2024-8898
A path traversal vulnerability exists in the install and uninstall API endpoints of parisneo/lollms-webui version V12 Strawberry. This vulnerability allows attackers to create or delete directories with arbitrary paths on the system. The issue arises due to insufficient sanitization of...
CVE-2024-8581
A vulnerability in the uploadapp function of parisneo/lollms-webui V12 Strawberry allows an attacker to delete any file or directory on the system. The function does not implement user input filtering with the filename value, causing a Path Traversal error...
CVE-2024-8736
A Denial of Service DoS vulnerability exists in multiple file upload endpoints of parisneo/lollms-webui version V12 Strawberry. The vulnerability can be exploited remotely via Cross-Site Request Forgery CSRF. Despite CSRF protection preventing file uploads, the application still processes multipa...