21 matches found
EUVD-2024-2190
Malicious code in bioql PyPI...
EUVD-2024-2001
Malicious code in bioql PyPI...
EUVD-2024-44113
Malicious code in bioql PyPI...
CVE-2024-6139
A path traversal vulnerability exists in the XTTS server of the parisneo/lollms package version v9.6. This vulnerability allows an attacker to write audio files to arbitrary locations on the system and enumerate file paths. The issue arises from improper validation of user-provided file paths in...
CVE-2024-6085
A path traversal vulnerability exists in the XTTS server included in the lollms package, version v9.6. This vulnerability arises from the ability to perform an unauthenticated root folder settings change. Although the read file endpoint is protected against path traversals, this protection can be...
CVE-2024-4499
A Cross-Site Request Forgery CSRF vulnerability exists in the XTTS server of parisneo/lollms version 9.6 due to a lax CORS policy. The vulnerability allows attackers to perform unauthorized actions by tricking a user into visiting a malicious webpage, which can then trigger arbitrary LoLLMS-XTTS...
GHSA-W9QF-83JG-2X6C lollms vulnerable to dot-dot-slash path traversal in XTTS server
A path traversal vulnerability exists in the XTTS server of the parisneo/lollms package version v9.6. This vulnerability allows an attacker to write audio files to arbitrary locations on the system and enumerate file paths. The issue arises from improper validation of user-provided file paths in...
lollms vulnerable to path traversal due to unauthenticated root folder settings change
A path traversal vulnerability exists in the XTTS server included in the lollms package, version v9.6. This vulnerability arises from the ability to perform an unauthenticated root folder settings change. Although the read file endpoint is protected against path traversals, this protection can be...
GHSA-9CHM-M6X2-6FVC lollms vulnerable to path traversal due to unauthenticated root folder settings change
A path traversal vulnerability exists in the XTTS server included in the lollms package, version v9.6. This vulnerability arises from the ability to perform an unauthenticated root folder settings change. Although the read file endpoint is protected against path traversals, this protection can be...
lollms vulnerable to dot-dot-slash path traversal in XTTS server
A path traversal vulnerability exists in the XTTS server of the parisneo/lollms package version v9.6. This vulnerability allows an attacker to write audio files to arbitrary locations on the system and enumerate file paths. The issue arises from improper validation of user-provided file paths in...
CVE-2024-6139
A path traversal vulnerability exists in the XTTS server of the parisneo/lollms package version v9.6. This vulnerability allows an attacker to write audio files to arbitrary locations on the system and enumerate file paths. The issue arises from improper validation of user-provided file paths in...
CVE-2024-6085
A path traversal vulnerability exists in the XTTS server included in the lollms package, version v9.6. This vulnerability arises from the ability to perform an unauthenticated root folder settings change. Although the read file endpoint is protected against path traversals, this protection can be...
CVE-2024-6139 Path Traversal in parisneo/lollms
A path traversal vulnerability exists in the XTTS server of the parisneo/lollms package version v9.6. This vulnerability allows an attacker to write audio files to arbitrary locations on the system and enumerate file paths. The issue arises from improper validation of user-provided file paths in...
CVE-2024-6139 Path Traversal in parisneo/lollms
A path traversal vulnerability exists in the XTTS server of the parisneo/lollms package version v9.6. This vulnerability allows an attacker to write audio files to arbitrary locations on the system and enumerate file paths. The issue arises from improper validation of user-provided file paths in...
CVE-2024-6139
CVE-2024-6139 affects the XTTS server in parisneo/lollms v9.6. The issue stems from improper validation of user-provided file paths in the tts_to_file endpoint, enabling path traversal that allows writing audio files to arbitrary locations and enumerating file paths. The CVSSv3 base score is 7.3 ...
CVE-2024-6085
The CVE-2024-6085 issue concerns the XTTS server in the lollms package (version v9.6). The root cause is an unauthenticated change to root folder settings that enables path traversal: bypassing the read-file protection by setting the root to '/' and allowing writes to arbitrary locations via alte...
CVE-2024-6085 Path Traversal in parisneo/lollms
A path traversal vulnerability exists in the XTTS server included in the lollms package, version v9.6. This vulnerability arises from the ability to perform an unauthenticated root folder settings change. Although the read file endpoint is protected against path traversals, this protection can be...
CVE-2024-4499
A Cross-Site Request Forgery CSRF vulnerability exists in the XTTS server of parisneo/lollms version 9.6 due to a lax CORS policy. The vulnerability allows attackers to perform unauthorized actions by tricking a user into visiting a malicious webpage, which can then trigger arbitrary LoLLMS-XTTS...
CVE-2024-4499
CVE-2024-4499 describes a CSRF vulnerability in the XTTS server of parisneo/lollms 9.6 caused by a lax CORS policy. An attacker can lure a user to a malicious page to trigger arbitrary LoLLMS-XTTS API requests, potentially leading to reading/writing of audio files and, in combination with other i...
CVE-2024-4499 CSRF Vulnerability in parisneo/lollms XTTS Server
A Cross-Site Request Forgery CSRF vulnerability exists in the XTTS server of parisneo/lollms version 9.6 due to a lax CORS policy. The vulnerability allows attackers to perform unauthorized actions by tricking a user into visiting a malicious webpage, which can then trigger arbitrary LoLLMS-XTTS...