11 matches found
EUVD-2025-6941
Malicious code in bioql PyPI...
CVE-2024-7058
CVE-2024-7058 affects parisneo/lollms-webui v10. The sanitize_path() function fails to neutralize './' relative paths, enabling path traversal to the personality_folder. Impact is local access to restricted directories. A PoC shows a category=./ probe; a fix was pushed to master but not yet relea...
Lord of Large Language Models (LoLLMs) path traversal vulnerability in the api open_personality_folder endpoint
A path traversal vulnerability exists in the api open_personality_folder endpoint of parisneo/lollms. This vulnerability allows an attacker to read any folder in the personality_folder on the victim's computer, even though sanitize_path is set. The issue arises due to improper sanitization of the...
CVE-2024-6971 Path Traversal in parisneo/lollms-webui
A path traversal vulnerability exists in the parisneo/lollms-webui repository, specifically in the lollms_file_system.py file. The functions add_rag_database, toggle_mount_rag_database, and vectorize_folder do not implement security measures such as sanitize_path_from_endpoint or sanitize_path. This allows a...
Path Traversal
parisneo/lollms is vulnerable to Path Traversal. The vulnerability is due to the sanitize_path function within the file lollms_configuration_infos.py, which allows attackers to manipulate the discussion_db_name parameter and potentially write to important system directories...
GHSA-8MRM-R7H3-C3HJ LoLLMS vulnerable to Expected Behavior Violation
A path traversal vulnerability exists in the apply_settings function of parisneo/lollms versions prior to 9.5.1. The sanitize_path function does not adequately secure the discussion_db_name parameter, allowing attackers to manipulate the path and potentially write to important system folders...
LoLLMS vulnerable to Expected Behavior Violation
A path traversal vulnerability exists in the apply_settings function of parisneo/lollms versions prior to 9.5.1. The sanitize_path function does not adequately secure the discussion_db_name parameter, allowing attackers to manipulate the path and potentially write to important system folders...
CVE-2024-6281
A path traversal vulnerability exists in the apply_settings function of parisneo/lollms versions prior to 9.5.1. The sanitize_path function does not adequately secure the discussion_db_name parameter, allowing attackers to manipulate the path and potentially write to important system folders...
CVE-2024-6281 Path Traversal in parisneo/lollms
A path traversal vulnerability exists in the apply_settings function of parisneo/lollms versions prior to 9.5.1. The sanitize_path function does not adequately secure the discussion_db_name parameter, allowing attackers to manipulate the path and potentially write to important system folders...
SOL5165 - rsync directory traversal vulnerability - CAN-2004-0792
Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files. Information about this advisory is available at the following location:...
Rsync < 2.6.3 Sanitize_path Function Module Path Escaping