Vulnerabilities > Lollms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-24 | CVE-2024-4499 | Unspecified vulnerability in Lollms 9.6 A Cross-Site Request Forgery (CSRF) vulnerability exists in the XTTS server of parisneo/lollms version 9.6 due to a lax CORS policy. | 6.3 |
| 2024-06-24 | CVE-2024-3121 | OS Command Injection vulnerability in Lollms 5.9.0 A remote code execution vulnerability exists in the create_conda_env function of the parisneo/lollms repository, version 5.9.0. | 3.3 |
| 2024-06-06 | CVE-2024-3322 | Unspecified vulnerability in Lollms web UI A path traversal vulnerability exists in the 'cyber_security/codeguard' native personality of the parisneo/lollms-webui, affecting versions up to 9.5. | 9.8 |
| 2024-06-06 | CVE-2024-3429 | Path Traversal vulnerability in Lollms A path traversal vulnerability exists in the parisneo/lollms application, specifically within the `sanitize_path_from_endpoint` and `sanitize_path` functions in `lollms_core\lollms\security.py`. | 9.8 |
| 2024-06-06 | CVE-2024-4320 | Path Traversal vulnerability in Lollms web UI A remote code execution (RCE) vulnerability exists in the '/install_extension' endpoint of the parisneo/lollms-webui application, specifically within the `@router.post("/install_extension")` route handler. | 9.8 |
| 2024-06-06 | CVE-2024-4881 | Path Traversal vulnerability in Lollms A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlier versions, but fixed in version 5.9.0. | 7.5 |
| 2024-06-06 | CVE-2024-1873 | Unspecified vulnerability in Lollms web UI parisneo/lollms-webui is vulnerable to path traversal and denial of service attacks due to an exposed `/select_database` endpoint in version a9d16b0. | 9.1 |
| 2024-06-06 | CVE-2024-2288 | Unspecified vulnerability in Lollms web UI A Cross-Site Request Forgery (CSRF) vulnerability exists in the profile picture upload functionality of the Lollms application, specifically in the parisneo/lollms-webui repository, affecting versions up to 7.3.0. | 8.3 |
| 2024-06-06 | CVE-2024-2359 | Unspecified vulnerability in Lollms web UI 9.3 A vulnerability in the parisneo/lollms-webui version 9.3 allows attackers to bypass intended access restrictions and execute arbitrary code. | 9.8 |
| 2024-06-06 | CVE-2024-2360 | Path Traversal vulnerability in Lollms web UI parisneo/lollms-webui is vulnerable to path traversal attacks that can lead to remote code execution due to insufficient sanitization of user-supplied input in the 'Database path' and 'PDF LaTeX path' settings. | 9.8 |