Vulnerabilities > Lollms > Lollms WEB UI > 12
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-20 | CVE-2024-8736 | Cross-Site Request Forgery (CSRF) vulnerability in Lollms web UI 12 A Denial of Service (DoS) vulnerability exists in multiple file upload endpoints of parisneo/lollms-webui version V12 (Strawberry). | 6.5 |
| 2025-03-20 | CVE-2024-8898 | Unspecified vulnerability in Lollms web UI 12 A path traversal vulnerability exists in the `install` and `uninstall` API endpoints of parisneo/lollms-webui version V12 (Strawberry). | 9.8 |
| 2025-03-20 | CVE-2024-9920 | Unrestricted Upload of File with Dangerous Type vulnerability in Lollms web UI 12 In version v12 of parisneo/lollms-webui, the 'Send file to AL' function allows uploading files with various extensions, including potentially dangerous ones like .py, .sh, .bat, and more. | 8.8 |