CVE-2024-1601

An SQL injection vulnerability exists in the delete_discussion() function of the parisneo/lollms-webui application, allowing an attacker to delete all discussions and message data. The vulnerability is exploitable via a crafted HTTP POST request to the /delete_discussion endpoint, which internally ...

CVE-2024-1569

parisneo/lollms-webui is vulnerable to a denial of service (DoS) attack due to uncontrolled resource consumption. Attackers can exploit the /open_code_in_vs_code and similar endpoints without authentication by sending repeated HTTP POST requests, leading to the opening of Visual Studio Code or the ...