Vulnerabilities > Lollms > Lollms WEB UI

DATE CVE VULNERABILITY TITLE RISK
2024-10-29 CVE-2024-6673 Cross-Site Request Forgery (CSRF) vulnerability in Lollms web UI
A Cross-Site Request Forgery (CSRF) vulnerability exists in the `install_comfyui` endpoint of the `lollms_comfyui.py` file in the parisneo/lollms-webui repository, versions v9.9 to the latest.
network
low complexity
lollms CWE-352
6.5
2024-10-29 CVE-2024-6674 Origin Validation Error vulnerability in Lollms web UI
A CORS misconfiguration in parisneo/lollms-webui prior to version 10 allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from other services.
network
low complexity
lollms CWE-346
7.1
2024-10-13 CVE-2024-6959 Cross-Site Request Forgery (CSRF) vulnerability in Lollms web UI 9.8
A vulnerability in parisneo/lollms-webui version 9.8 allows for a Denial of Service (DOS) attack when uploading an audio file.
network
low complexity
lollms CWE-352
7.1
2024-06-06 CVE-2024-3322 Unspecified vulnerability in Lollms web UI
A path traversal vulnerability exists in the 'cyber_security/codeguard' native personality of the parisneo/lollms-webui, affecting versions up to 9.5.
network
low complexity
lollms
critical
9.8
2024-06-06 CVE-2024-4320 Path Traversal vulnerability in Lollms web UI
A remote code execution (RCE) vulnerability exists in the '/install_extension' endpoint of the parisneo/lollms-webui application, specifically within the `@router.post("/install_extension")` route handler.
network
low complexity
lollms CWE-22
critical
9.8
2024-06-06 CVE-2024-1873 Unspecified vulnerability in Lollms web UI
parisneo/lollms-webui is vulnerable to path traversal and denial of service attacks due to an exposed `/select_database` endpoint in version a9d16b0.
network
low complexity
lollms
critical
9.1
2024-06-06 CVE-2024-2288 Unspecified vulnerability in Lollms web UI
A Cross-Site Request Forgery (CSRF) vulnerability exists in the profile picture upload functionality of the Lollms application, specifically in the parisneo/lollms-webui repository, affecting versions up to 7.3.0.
network
low complexity
lollms
8.3
2024-06-06 CVE-2024-2359 Unspecified vulnerability in Lollms web UI 9.3
A vulnerability in the parisneo/lollms-webui version 9.3 allows attackers to bypass intended access restrictions and execute arbitrary code.
network
low complexity
lollms
critical
9.8
2024-06-06 CVE-2024-2360 Path Traversal vulnerability in Lollms web UI
parisneo/lollms-webui is vulnerable to path traversal attacks that can lead to remote code execution due to insufficient sanitization of user-supplied input in the 'Database path' and 'PDF LaTeX path' settings.
network
low complexity
lollms CWE-22
critical
9.8
2024-06-06 CVE-2024-2362 Path Traversal vulnerability in Lollms web UI 9.3
A path traversal vulnerability exists in the parisneo/lollms-webui version 9.3 on the Windows platform.
network
low complexity
lollms CWE-22
critical
9.1