Lollms Lollms_web_ui

46 CVEs affecting Lollms Lollms_web_ui. Latest disclosed: 2026-03-24. Critical: 18, High: 18.

Top CVEs affecting Lollms Lollms_web_ui
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2024-8898 | Critical | 9.8 | 2025-03-20 | A path traversal vulnerability exists in the `install` and `uninstall` API endpoints of parisneo/lollms-webui version V12 (Strawberry). This vulnerability allo… |
| CVE-2024-4320 | Critical | 9.8 | 2024-06-06 | A remote code execution (RCE) vulnerability exists in the '/install_extension' endpoint of the parisneo/lollms-webui application, specifically within the `@rou… |
| CVE-2024-3322 | Critical | 9.8 | 2024-06-06 | A path traversal vulnerability exists in the 'cyber_security/codeguard' native personality of the parisneo/lollms-webui, affecting versions up to 9.5. The vuln… |
| CVE-2024-2624 | Critical | 9.8 | 2024-06-06 | A path traversal and arbitrary file upload vulnerability exists in the parisneo/lollms-webui application, specifically within the `@router.get("/switch_persona… |
| CVE-2024-2360 | Critical | 9.8 | 2024-06-06 | parisneo/lollms-webui is vulnerable to path traversal attacks that can lead to remote code execution due to insufficient sanitization of user-supplied input in… |
| CVE-2024-2359 | Critical | 9.8 | 2024-06-06 | A vulnerability in the parisneo/lollms-webui version 9.3 allows attackers to bypass intended access restrictions and execute arbitrary code. The issue arises f… |
| CVE-2024-5482 | Critical | 9.8 | 2024-06-06 | A Server-Side Request Forgery (SSRF) vulnerability exists in the 'add_webpage' endpoint of the parisneo/lollms-webui application, affecting the latest version… |
| CVE-2024-4326 | Critical | 9.8 | 2024-05-16 | A vulnerability in parisneo/lollms-webui versions up to 9.3 allows remote attackers to execute arbitrary code. The vulnerability stems from insufficient protec… |
| CVE-2024-2358 | Critical | 9.8 | 2024-05-16 | A path traversal vulnerability in the '/apply_settings' endpoint of parisneo/lollms-webui allows attackers to execute arbitrary code. The vulnerability arises… |
| CVE-2024-1520 | Critical | 9.8 | 2024-04-10 | An OS Command Injection vulnerability exists in the '/open_code_folder' endpoint of the parisneo/lollms-webui application, due to improper validation of user-s… |
| CVE-2024-1511 | Critical | 9.8 | 2024-04-10 | The parisneo/lollms-webui repository is susceptible to a path traversal vulnerability due to inadequate validation of user-supplied file paths. This flaw allow… |
| CVE-2024-2361 | Critical | 9.6 | 2024-05-16 | A vulnerability in the parisneo/lollms-webui allows for arbitrary file upload and read due to insufficient sanitization of user-supplied input. Specifically, t… |
| CVE-2024-1600 | Critical | 9.3 | 2024-04-10 | A Local File Inclusion (LFI) vulnerability exists in the parisneo/lollms-webui application, specifically within the `/personalities` route. An attacker can exp… |
| CVE-2026-33340 | Critical | 9.1 | 2026-03-24 | LoLLMs WEBUI provides the Web user interface for Lord of Large Language and Multi modal Systems. A critical Server-Side Request Forgery (SSRF) vulnerability ha… |
| CVE-2024-8581 | Critical | 9.1 | 2025-03-20 | A vulnerability in the `upload_app` function of parisneo/lollms-webui V12 (Strawberry) allows an attacker to delete any file or directory on the system. The fu… |
| CVE-2024-2362 | Critical | 9.1 | 2024-06-06 | A path traversal vulnerability exists in the parisneo/lollms-webui version 9.3 on the Windows platform. Due to improper validation of file paths between Window… |
| CVE-2024-1873 | Critical | 9.1 | 2024-06-06 | parisneo/lollms-webui is vulnerable to path traversal and denial of service attacks due to an exposed `/select_database` endpoint in version a9d16b0. The endpo… |
| CVE-2024-2366 | Critical | 9.0 | 2024-05-16 | A remote code execution vulnerability exists in the parisneo/lollms-webui application, specifically within the reinstall_binding functionality in lollms_core/l… |
| CVE-2024-9920 | High | 8.8 | 2025-03-20 | In version v12 of parisneo/lollms-webui, the 'Send file to AL' function allows uploading files with various extensions, including potentially dangerous ones li… |
| CVE-2024-6040 | High | 8.8 | 2024-08-01 | In parisneo/lollms-webui version v9.8, the lollms_binding_infos is missing the client_id parameter, which leads to multiple security vulnerabilities. Specifica… |