Vulnerabilities > Lollms

DATE CVE VULNERABILITY TITLE RISK
2024-10-29 CVE-2024-6581 Cross-site Scripting vulnerability in Lollms Lord of Large Language Models 9.9
A vulnerability in the discussion image upload function of the Lollms application, version v9.9, allows for the uploading of SVG files.
network
low complexity
lollms CWE-79
critical
9.0
2024-10-29 CVE-2024-6673 Cross-Site Request Forgery (CSRF) vulnerability in Lollms web UI
A Cross-Site Request Forgery (CSRF) vulnerability exists in the `install_comfyui` endpoint of the `lollms_comfyui.py` file in the parisneo/lollms-webui repository, versions v9.9 to the latest.
network
low complexity
lollms CWE-352
6.5
2024-10-29 CVE-2024-6674 Origin Validation Error vulnerability in Lollms web UI
A CORS misconfiguration in parisneo/lollms-webui prior to version 10 allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from other services.
network
low complexity
lollms CWE-346
7.1
2024-10-13 CVE-2024-6959 Cross-Site Request Forgery (CSRF) vulnerability in Lollms web UI 9.8
A vulnerability in parisneo/lollms-webui version 9.8 allows for a Denial of Service (DOS) attack when uploading an audio file.
network
low complexity
lollms CWE-352
7.1
2024-10-11 CVE-2024-6985 Relative Path Traversal vulnerability in Lollms
A path traversal vulnerability exists in the api open_personality_folder endpoint of parisneo/lollms-webui.
local
low complexity
lollms CWE-23
4.4
2024-06-27 CVE-2024-5933 Unspecified vulnerability in Lollms Webui
A Cross-site Scripting (XSS) vulnerability exists in the chat functionality of parisneo/lollms-webui in the latest version.
network
low complexity
lollms
5.4
2024-06-24 CVE-2024-4499 Unspecified vulnerability in Lollms 9.6
A Cross-Site Request Forgery (CSRF) vulnerability exists in the XTTS server of parisneo/lollms version 9.6 due to a lax CORS policy.
network
low complexity
lollms
6.3
2024-06-24 CVE-2024-3121 OS Command Injection vulnerability in Lollms 5.9.0
A remote code execution vulnerability exists in the create_conda_env function of the parisneo/lollms repository, version 5.9.0.
local
low complexity
lollms CWE-78
3.3
2024-06-06 CVE-2024-3322 Unspecified vulnerability in Lollms web UI
A path traversal vulnerability exists in the 'cyber_security/codeguard' native personality of the parisneo/lollms-webui, affecting versions up to 9.5.
network
low complexity
lollms
critical
9.8
2024-06-06 CVE-2024-3429 Path Traversal vulnerability in Lollms
A path traversal vulnerability exists in the parisneo/lollms application, specifically within the `sanitize_path_from_endpoint` and `sanitize_path` functions in `lollms_core\lollms\security.py`.
network
low complexity
lollms CWE-22
critical
9.8