Lollms Lollms-webui

9 CVEs affecting Lollms Lollms-webui. Latest disclosed: 2024-11-14. Critical: 2, High: 4.

Top CVEs affecting Lollms Lollms-webui
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2024-4267 | Critical | 9.8 | 2024-05-22 | A remote code execution (RCE) vulnerability exists in the parisneo/lollms-webui, specifically within the 'open_file' module, version 9.5. The vulnerability ari… |
| CVE-2024-1601 | Critical | 9.8 | 2024-04-16 | An SQL injection vulnerability exists in the `delete_discussion()` function of the parisneo/lollms-webui application, allowing an attacker to delete all discus… |
| CVE-2024-4403 | High | 8.8 | 2024-06-10 | A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v9.6. This vulnerability allows attackers… |
| CVE-2024-1646 | High | 8.2 | 2024-04-16 | parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parame… |
| CVE-2024-1569 | High | 7.5 | 2024-04-16 | parisneo/lollms-webui is vulnerable to a denial of service (DoS) attack due to uncontrolled resource consumption. Attackers can exploit the `/open_code_in_vs_c… |
| CVE-2024-5125 | High | 7.3 | 2024-11-14 | parisneo/lollms-webui version 9.6 is vulnerable to Cross-Site Scripting (XSS) and Open Redirect due to inadequate input validation and processing of SVG files… |
| CVE-2024-6971 | Medium | 4.4 | 2024-10-11 | A path traversal vulnerability exists in the parisneo/lollms-webui repository, specifically in the `lollms_file_system.py` file. The functions `add_rag_databas… |
| CVE-2024-4839 | Low | 3.3 | 2024-06-24 | A Cross-Site Request Forgery (CSRF) vulnerability exists in the 'Servers Configurations' function of the parisneo/lollms-webui, versions 9.6 to the latest. The… |
| CVE-2024-4841 | Low | 3.3 | 2024-06-23 | A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'add_reference_to_local_mode' function due to the lack of input san… |