Lollms

Lollms Web Ui

46 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

Exploit
  • EPSS 0.14%
  • Published 25.06.2024 20:15:12
  • Last modified 09.07.2025 14:24:04

A Path Traversal and Remote File Inclusion (RFI) vulnerability exists in the parisneo/lollms-webui application, affecting versions v9.7 to the latest. The vulnerability arises from insufficient input validation in the `/apply_settings` function, allo...

Exploit
  • EPSS 63.98%
  • Published 06.06.2024 19:16:02
  • Last modified 21.11.2024 09:42:37

A remote code execution (RCE) vulnerability exists in the '/install_extension' endpoint of the parisneo/lollms-webui application, specifically within the `@router.post("/install_extension")` route handler. The vulnerability arises due to improper han...

Exploit
  • EPSS 0.79%
  • Published 06.06.2024 19:16:01
  • Last modified 21.11.2024 09:29:23

A path traversal vulnerability exists in the 'cyber_security/codeguard' native personality of the parisneo/lollms-webui, affecting versions up to 9.5. The vulnerability arises from the improper limitation of a pathname to a restricted directory in th...

Exploit
  • EPSS 10.33%
  • Published 06.06.2024 19:15:55
  • Last modified 21.11.2024 09:10:09

A path traversal and arbitrary file upload vulnerability exists in the parisneo/lollms-webui application, specifically within the `@router.get("/switch_personal_path")` endpoint in `./lollms-webui/lollms_core/lollms/server/endpoints/lollms_user.py`. ...

Exploit
  • EPSS 0.23%
  • Published 06.06.2024 19:15:55
  • Last modified 21.11.2024 09:09:59

A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the `lollms_core/lollms/server/endpoints/lollms_binding_files_server.py` and `lollms_core/lollms/security.py` files. Due to inadequate validation of f...

Exploit
  • EPSS 1.91%
  • Published 06.06.2024 19:15:54
  • Last modified 13.02.2025 16:09:46

A path traversal vulnerability exists in the parisneo/lollms-webui version 9.3 on the Windows platform. Due to improper validation of file paths between Windows and Linux environments, an attacker can exploit this vulnerability to delete any file on ...

Exploit
  • EPSS 5.29%
  • Published 06.06.2024 19:15:54
  • Last modified 21.11.2024 09:09:35

parisneo/lollms-webui is vulnerable to path traversal attacks that can lead to remote code execution due to insufficient sanitization of user-supplied input in the 'Database path' and 'PDF LaTeX path' settings. An attacker can exploit this vulnerabil...

Exploit
  • EPSS 0.26%
  • Published 06.06.2024 19:15:54
  • Last modified 21.11.2024 09:09:35

A vulnerability in the parisneo/lollms-webui version 9.3 allows attackers to bypass intended access restrictions and execute arbitrary code. The issue arises from the application's handling of the `/execute_code` endpoint, which is intended to be blo...

Exploit
  • EPSS 0.27%
  • Published 06.06.2024 19:15:54
  • Last modified 21.11.2024 09:09:26

A Cross-Site Request Forgery (CSRF) vulnerability exists in the profile picture upload functionality of the Lollms application, specifically in the parisneo/lollms-webui repository, affecting versions up to 7.3.0. This vulnerability allows attackers ...

  • EPSS 2.42%
  • Published 06.06.2024 19:15:51
  • Last modified 15.10.2025 13:15:41

parisneo/lollms-webui is vulnerable to path traversal and denial of service attacks due to an exposed `/select_database` endpoint in version a9d16b0. The endpoint improperly handles file paths, allowing attackers to specify absolute paths when intera...