CVE-2024-12766
- EPSS 0.12%
- Veröffentlicht 20.03.2025 10:11:20
- Zuletzt bearbeitet 08.07.2025 16:24:32
parisneo/lollms-webui version V13 (feather) suffers from a Server-Side Request Forgery (SSRF) vulnerability in the `POST /api/proxy` REST API. Attackers can exploit this vulnerability to abuse the victim server's credentials to access unauthorized we...
CVE-2024-8581
- EPSS 0.22%
- Veröffentlicht 20.03.2025 10:09:25
- Zuletzt bearbeitet 15.10.2025 13:15:55
A vulnerability in the `upload_app` function of parisneo/lollms-webui V12 (Strawberry) allows an attacker to delete any file or directory on the system. The function does not implement user input filtering with the `filename` value, causing a Path Tr...
CVE-2024-4328
- EPSS 0.05%
- Veröffentlicht 10.06.2024 08:15:51
- Zuletzt bearbeitet 21.11.2024 09:42:38
A Cross-Site Request Forgery (CSRF) vulnerability exists in the clear_personality_files_list function of the parisneo/lollms-webui v9.6. The vulnerability arises from the use of a GET request to clear personality files list, which lacks proper CSRF p...