Lollms

Lollms Web Ui

45 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
Exploit
  • EPSS 0.37%
  • Published 02.06.2024 11:15:07
  • Last modified 09.07.2025 14:25:18

A path traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'copy_to_custom_personas' endpoint in the 'lollms_personalities_infos.py' file. This vulnerability allows attackers to read arbitrary files by manipulating th...

Exploit
  • EPSS 0.17%
  • Published 30.05.2024 15:15:49
  • Last modified 09.07.2025 14:27:48

A path traversal vulnerability was identified in the parisneo/lollms-webui repository, specifically within version 9.6. The vulnerability arises due to improper handling of user-supplied input in the 'list_personalities' endpoint. By crafting a malic...

Exploit
  • EPSS 12.78%
  • Published 16.05.2024 09:15:16
  • Last modified 09.07.2025 14:32:00

A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the `/list_personalities` endpoint. By manipulating the `category` parameter, an attacker can traverse the directory structure and list any directory ...

Exploit
  • EPSS 1.13%
  • Published 16.05.2024 09:15:16
  • Last modified 09.07.2025 14:29:46

A vulnerability in parisneo/lollms-webui versions up to 9.3 allows remote attackers to execute arbitrary code. The vulnerability stems from insufficient protection of the `/apply_settings` and `/execute_code` endpoints. Attackers can bypass protectio...

Exploit
  • EPSS 0.45%
  • Published 16.05.2024 09:15:14
  • Last modified 09.07.2025 14:33:50

A path traversal vulnerability exists in the 'save_settings' endpoint of the parisneo/lollms-webui application, affecting versions up to the latest release before 9.5. The vulnerability arises due to insufficient sanitization of the 'config' paramete...

Exploit
  • EPSS 1.5%
  • Published 16.05.2024 09:15:13
  • Last modified 09.07.2025 14:36:46

A command injection vulnerability exists in the 'run_xtts_api_server' function of the parisneo/lollms-webui application, specifically within the 'lollms_xtts.py' script. The vulnerability arises due to the improper neutralization of special elements ...

Exploit
  • EPSS 2.29%
  • Published 16.05.2024 09:15:10
  • Last modified 09.07.2025 14:37:53

A remote code execution vulnerability exists in the parisneo/lollms-webui application, specifically within the reinstall_binding functionality in lollms_core/lollms/server/endpoints/lollms_binding_infos.py of the latest version. The vulnerability ari...

Exploit
  • EPSS 0.35%
  • Published 16.05.2024 09:15:10
  • Last modified 09.07.2025 14:38:45

A vulnerability in the parisneo/lollms-webui allows for arbitrary file upload and read due to insufficient sanitization of user-supplied input. Specifically, the issue resides in the `install_model()` function within `lollms_core/lollms/binding.py`, ...

Exploit
  • EPSS 6.24%
  • Published 16.05.2024 09:15:09
  • Last modified 09.07.2025 14:39:33

A path traversal vulnerability in the '/apply_settings' endpoint of parisneo/lollms-webui allows attackers to execute arbitrary code. The vulnerability arises due to insufficient sanitization of user-supplied input in the configuration settings, spec...

Exploit
  • EPSS 0.21%
  • Published 14.05.2024 15:18:47
  • Last modified 09.07.2025 14:41:13

A stored Cross-Site Scripting (XSS) vulnerability exists in the parisneo/lollms-webui application due to improper validation of uploaded files in the profile picture upload functionality. Attackers can exploit this vulnerability by uploading maliciou...