Vulnerabilities > Lollms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-29 | CVE-2024-6581 | Cross-site Scripting vulnerability in Lollms Lord of Large Language Models 9.9 A vulnerability in the discussion image upload function of the Lollms application, version v9.9, allows for the uploading of SVG files. | 9.0 |
| 2024-10-29 | CVE-2024-6673 | Cross-Site Request Forgery (CSRF) vulnerability in Lollms web UI A Cross-Site Request Forgery (CSRF) vulnerability exists in the `install_comfyui` endpoint of the `lollms_comfyui.py` file in the parisneo/lollms-webui repository, versions v9.9 to the latest. | 6.5 |
| 2024-10-29 | CVE-2024-6674 | Origin Validation Error vulnerability in Lollms web UI A CORS misconfiguration in parisneo/lollms-webui prior to version 10 allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from other services. | 7.1 |
| 2024-10-13 | CVE-2024-6959 | Cross-Site Request Forgery (CSRF) vulnerability in Lollms web UI 9.8 A vulnerability in parisneo/lollms-webui version 9.8 allows for a Denial of Service (DOS) attack when uploading an audio file. | 7.1 |
| 2024-10-11 | CVE-2024-6985 | Relative Path Traversal vulnerability in Lollms A path traversal vulnerability exists in the api open_personality_folder endpoint of parisneo/lollms-webui. | 4.4 |
| 2024-06-27 | CVE-2024-5933 | Cross-site Scripting vulnerability in Lollms Webui A Cross-site Scripting (XSS) vulnerability exists in the chat functionality of parisneo/lollms-webui in the latest version. | 5.4 |
| 2024-06-24 | CVE-2024-4499 | Cross-Site Request Forgery (CSRF) vulnerability in Lollms 9.6 A Cross-Site Request Forgery (CSRF) vulnerability exists in the XTTS server of parisneo/lollms version 9.6 due to a lax CORS policy. | 6.3 |
| 2024-06-24 | CVE-2024-3121 | OS Command Injection vulnerability in Lollms 5.9.0 A remote code execution vulnerability exists in the create_conda_env function of the parisneo/lollms repository, version 5.9.0. | 3.3 |
| 2024-06-06 | CVE-2024-3322 | Path Traversal vulnerability in Lollms web UI A path traversal vulnerability exists in the 'cyber_security/codeguard' native personality of the parisneo/lollms-webui, affecting versions up to 9.5. | 9.8 |
| 2024-06-06 | CVE-2024-3429 | Path Traversal vulnerability in Lollms A path traversal vulnerability exists in the parisneo/lollms application, specifically within the `sanitize_path_from_endpoint` and `sanitize_path` functions in `lollms_core\lollms\security.py`. | 9.8 |