CVE-2024-9919

A missing authentication check in the uninstall endpoint of parisneo/lollms-webui V13 allows attackers to perform unauthorized directory deletions. The /uninstall/appname API endpoint does not call the checkaccess function to verify the clientid, enabling attackers to delete directories without...

CVE-2024-9919

The CVE-2024-9919 issue affects parisneo/lollms-webui version 13, specifically the uninstall endpoint. A missing authentication check in /uninstall/{app_name} means the server does not call check_access() to verify client_id, allowing unauthorized directory deletions. The vulnerability is describ...

LoLLMs Web UI 安全漏洞

LoLLMs Web UI is a web user interface for large languages and multimodal systems by the individual developer Saifeddine ALOUI. A security vulnerability exists in LoLLMs Web UI version V12, which stems from the install and uninstall API endpoints not being adequately cleaned of user input,...

Atlassian Universal Plugin Manager Cross-Site Request Forgery Vulnerability

Atlassian Universal Plugin Manager is a set of tools from Atlassian Australia for managing add-ons in Atlassian applications. A cross-site request forgery vulnerability exists in the Uninstall REST endpoint in Atlassian Universal Plugin Manager versions prior to 2.22.19, 3.0.x versions prior to...

CVE-2019-14999

The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers to uninstall plugins using a Cross-Site Request Forgery CSRF vulnerability on an authenticated...