Vulnerabilities > Lollms > Lollms WEB UI
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-06 | CVE-2024-2548 | Path Traversal vulnerability in Lollms web UI A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the `lollms_core/lollms/server/endpoints/lollms_binding_files_server.py` and `lollms_core/lollms/security.py` files. | 7.5 |
| 2024-06-06 | CVE-2024-2624 | Path Traversal vulnerability in Lollms web UI A path traversal and arbitrary file upload vulnerability exists in the parisneo/lollms-webui application, specifically within the `@router.get("/switch_personal_path")` endpoint in `./lollms-webui/lollms_core/lollms/server/endpoints/lollms_user.py`. | 9.8 |
| 2024-06-06 | CVE-2024-5482 | Unspecified vulnerability in Lollms web UI A Server-Side Request Forgery (SSRF) vulnerability exists in the 'add_webpage' endpoint of the parisneo/lollms-webui application, affecting the latest version. | 9.8 |