Every CVE whose affected-product data names Lollms Lollms-webui, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2024-1601 — CVSS 9.8 (critical): An SQL injection vulnerability exists in the `delete_discussion()` function of the parisneo/lollms-webui application, allowing an attacker…
CVE-2024-4267 — CVSS 9.8 (critical): A remote code execution (RCE) vulnerability exists in the parisneo/lollms-webui, specifically within the 'open_file' module, version 9.5…
CVE-2024-4403 — CVSS 8.8 (high): A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v9.6. This…
CVE-2024-1646 — CVSS 8.2 (high): parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application…
CVE-2024-1569 — CVSS 7.5 (high): parisneo/lollms-webui is vulnerable to a denial of service (DoS) attack due to uncontrolled resource consumption. Attackers can exploit the…
CVE-2024-5125 — CVSS 7.3 (high): parisneo/lollms-webui version 9.6 is vulnerable to Cross-Site Scripting (XSS) and Open Redirect due to inadequate input validation and…
CVE-2024-6971 — CVSS 4.4 (medium): A path traversal vulnerability exists in the parisneo/lollms-webui repository, specifically in the `lollms_file_system.py` file. The…
CVE-2024-4839 — CVSS 3.3 (low): A Cross-Site Request Forgery (CSRF) vulnerability exists in the 'Servers Configurations' function of the parisneo/lollms-webui, versions…
CVE-2024-4841 — CVSS 3.3 (low): A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'add_reference_to_local_mode' function due to…