11 matches found

CVE
added 2025/10/09 12:00 a.m., 5 views

CVE-2025-60267

Summary of CVE-2025-60267 : Several sources describe a SQL injection vulnerability in the xckk v9.6 platform, arising from insufficient filtering of the cond parameter in the /notice/list API endpoint. The root cause is improper input handling that allows attacker-controlled input to influence SQ...

CVSS 6.5 | AI score 7.6 | EPSS 0.00038
Exploits: 1 | References: 2 | Affected software: 1
NVD
added 2024/11/14 6:15 p.m., 10 views

CVE-2024-5125

parisneo/lollms-webui version 9.6 is vulnerable to Cross-Site Scripting XSS and Open Redirect due to inadequate input validation and processing of SVG files during the upload process. The XSS vulnerability allows attackers to embed malicious JavaScript code within SVG files, which is executed upo...

CVSS 7.3 | EPSS 0.00122
Exploits: 1 | References: 2
Github Security Blog
added 2024/06/27 9:32 p.m., 18 views

lollms vulnerable to path traversal due to unauthenticated root folder settings change

A path traversal vulnerability exists in the XTTS server included in the lollms package, version v9.6. This vulnerability arises from the ability to perform an unauthenticated root folder settings change. Although the read file endpoint is protected against path traversals, this protection can be...

CVSS 8.6 | AI score 7 | EPSS 0.00134
Exploits: 0 | References: 3 | Affected software: 1
Vulnrichment
added 2024/06/27 6:45 p.m., 10 views

CVE-2024-6139 Path Traversal in parisneo/lollms

A path traversal vulnerability exists in the XTTS server of the parisneo/lollms package version v9.6. This vulnerability allows an attacker to write audio files to arbitrary locations on the system and enumerate file paths. The issue arises from improper validation of user-provided file paths in...

CVSS 7.3 | AI score 6.9 | EPSS 0.00121
Exploits: 0 | References: 1
CVE
added 2024/06/27 6:45 p.m., 36 views

CVE-2024-6139

CVE-2024-6139 affects the XTTS server in parisneo/lollms v9.6. The issue stems from improper validation of user-provided file paths in the tts_to_file endpoint, enabling path traversal that allows writing audio files to arbitrary locations and enumerating file paths. The CVSSv3 base score is 7.3 ...

CVSS 7.3 | AI score 7.2 | EPSS 0.00121
Exploits: 0 | References: 1
CVE
added 2024/06/27 6:45 p.m., 47 views

CVE-2024-6085

The CVE-2024-6085 issue concerns the XTTS server in the lollms package (version v9.6). The root cause is an unauthenticated change to root folder settings that enables path traversal: bypassing the read-file protection by setting the root to '/' and allowing writes to arbitrary locations via alte...

CVSS 8.6 | AI score 8.7 | EPSS 0.00134
Exploits: 0 | References: 1
Vulnrichment
added 2024/06/23 2:33 p.m., 16 views

CVE-2024-4841 Path Traversal in parisneo/lollms-webui

A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'addreferencetolocalmode' function due to the lack of input sanitization. This vulnerability affects versions v9.6 to the latest. By exploiting this vulnerability, an attacker can predict the folders,...

CVSS 4 | AI score 6.8 | EPSS 0.08457
Exploits: 1 | References: 1
NVD
added 2024/06/10 3:15 p.m., 21 views

CVE-2024-4403

A Cross-Site Request Forgery CSRF vulnerability exists in the restartprogram function of the parisneo/lollms-webui v9.6. This vulnerability allows attackers to trick users into performing unintended actions, such as resetting the program without their knowledge, by sending specially crafted CSRF...

CVSS 8.8 | EPSS 0.00055
Exploits: 1 | References: 1
Cvelist
added 2024/06/10 2:43 p.m., 14 views

CVE-2024-4403 CSRF in restart_program in parisneo/lollms-webui

A Cross-Site Request Forgery CSRF vulnerability exists in the restartprogram function of the parisneo/lollms-webui v9.6. This vulnerability allows attackers to trick users into performing unintended actions, such as resetting the program without their knowledge, by sending specially crafted CSRF...

CVSS 4.4 | EPSS 0.00055
Exploits: 1 | References: 1
CVE
added 2024/06/10 2:43 p.m., 45 views

CVE-2024-4403

CVE-2024-4403 affects the ParisNeo/LollMS-WebUI, v9.6. The issue is a CSRF vulnerability in the restart_program function, which can be triggered to cause unintended actions (e.g., resetting the program) by sending crafted CSRF forms. The flaw is attributed to a lack of CSRF protection in the aff...

CVSS 8.8 | AI score 4.6 | EPSS 0.00055
Exploits: 1 | References: 1 | Affected software: 1
myhack58
added 2012/06/25 12:00 a.m., 14 views

Cannes the company registered the class website system cookie injection vulnerability-vulnerability warning-the black bar safety net

Cannes the company registered the class website system v9. 6 cookies injection transit http://www.xxxx.com /jmcook. asp? jmdcw=1 7+and 1=2 union select 1,2,password,4,5,password,7,8,9,1 0,1 1,1 2,1 3 from admin Background get the shell cookies name kid can upload ewe modify the style Database...

AI score 1
Exploits: 0