Vulnerabilities > Lollms > Lollms WEB UI > 9.8

DATE CVE VULNERABILITY TITLE RISK
2024-10-29 CVE-2024-6673 Cross-Site Request Forgery (CSRF) vulnerability in Lollms web UI
A Cross-Site Request Forgery (CSRF) vulnerability exists in the `install_comfyui` endpoint of the `lollms_comfyui.py` file in the parisneo/lollms-webui repository, versions v9.9 to the latest.
network
low complexity
lollms CWE-352
6.5
6.5
2024-10-29 CVE-2024-6674 Origin Validation Error vulnerability in Lollms web UI
A CORS misconfiguration in parisneo/lollms-webui prior to version 10 allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from other services.
network
low complexity
lollms CWE-346
7.1
7.1
2024-10-13 CVE-2024-6959 Cross-Site Request Forgery (CSRF) vulnerability in Lollms web UI 9.8
A vulnerability in parisneo/lollms-webui version 9.8 allows for a Denial of Service (DOS) attack when uploading an audio file.
network
low complexity
lollms CWE-352
7.1
7.1