4 matches found
EUVD-2025-6941
Malicious code in bioql PyPI...
CVE-2024-7058
CVE-2024-7058 affects parisneo/lollms-webui v10. The sanitize_path() function fails to neutralize './' relative paths, enabling path traversal to the personality_folder. Impact is local access to restricted directories. A PoC shows a category=./ probe; a fix was pushed to master but not yet relea...
Lord of Large Language Models (LoLLMs) path traversal vulnerability in the api open_personality_folder endpoint
A path traversal vulnerability exists in the api open_personality_folder endpoint of parisneo/lollms. This vulnerability allows an attacker to read any folder in the personality_folder on the victim's computer, even though sanitize_path is set. The issue arises due to improper sanitization of the...
CVE-2024-6985
A path traversal vulnerability exists in the api open_personality_folder endpoint of parisneo/lollms-webui. This vulnerability allows an attacker to read any folder in the personality_folder on the victim's computer, even though sanitize_path is set. The issue arises due to improper sanitization of t...