Lollms Lollms-webui
9 CVEs affecting Lollms Lollms-webui. Latest disclosed: 2024-11-14. Critical: 2, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-4267 | Critical | 9.8 | 2024-05-22 | A remote code execution (RCE) vulnerability exists in the parisneo/lollms-webui, specifically within the 'open_file' module, version 9.5. The vulnerability ari… |
| CVE-2024-1601 | Critical | 9.8 | 2024-04-16 | An SQL injection vulnerability exists in the `delete_discussion()` function of the parisneo/lollms-webui application, allowing an attacker to delete all discus… |
| CVE-2024-4403 | High | 8.8 | 2024-06-10 | A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v9.6. This vulnerability allows attackers… |
| CVE-2024-1646 | High | 8.2 | 2024-04-16 | parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parame… |
| CVE-2024-1569 | High | 7.5 | 2024-04-16 | parisneo/lollms-webui is vulnerable to a denial of service (DoS) attack due to uncontrolled resource consumption. Attackers can exploit the `/open_code_in_vs_c… |
| CVE-2024-5125 | High | 7.3 | 2024-11-14 | parisneo/lollms-webui version 9.6 is vulnerable to Cross-Site Scripting (XSS) and Open Redirect due to inadequate input validation and processing of SVG files… |
| CVE-2024-6971 | Medium | 4.4 | 2024-10-11 | A path traversal vulnerability exists in the parisneo/lollms-webui repository, specifically in the `lollms_file_system.py` file. The functions `add_rag_databas… |
| CVE-2024-4839 | Low | 3.3 | 2024-06-24 | A Cross-Site Request Forgery (CSRF) vulnerability exists in the 'Servers Configurations' function of the parisneo/lollms-webui, versions 9.6 to the latest. The… |
| CVE-2024-4841 | Low | 3.3 | 2024-06-23 | A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'add_reference_to_local_mode' function due to the lack of input san… |