Every CVE whose affected-product data names Lollms Lollms Web Ui, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (46)
CVE-2024-4326 — CVSS 9.8 (critical): A vulnerability in parisneo/lollms-webui versions up to 9.3 allows remote attackers to execute arbitrary code. The vulnerability stems from…
CVE-2024-1511 — CVSS 9.8 (critical): The parisneo/lollms-webui repository is susceptible to a path traversal vulnerability due to inadequate validation of user-supplied file…
CVE-2024-1520 — CVSS 9.8 (critical): An OS Command Injection vulnerability exists in the '/open_code_folder' endpoint of the parisneo/lollms-webui application, due to improper…
CVE-2024-8898 — CVSS 9.8 (critical): A path traversal vulnerability exists in the `install` and `uninstall` API endpoints of parisneo/lollms-webui version V12 (Strawberry)…
CVE-2024-2358 — CVSS 9.8 (critical): A path traversal vulnerability in the '/apply_settings' endpoint of parisneo/lollms-webui allows attackers to execute arbitrary code. The…
CVE-2024-2359 — CVSS 9.8 (critical): A vulnerability in the parisneo/lollms-webui version 9.3 allows attackers to bypass intended access restrictions and execute arbitrary…
CVE-2024-2360 — CVSS 9.8 (critical): parisneo/lollms-webui is vulnerable to path traversal attacks that can lead to remote code execution due to insufficient sanitization of…
CVE-2024-5482 — CVSS 9.8 (critical): A Server-Side Request Forgery (SSRF) vulnerability exists in the 'add_webpage' endpoint of the parisneo/lollms-webui application, affecting…
CVE-2024-2624 — CVSS 9.8 (critical): A path traversal and arbitrary file upload vulnerability exists in the parisneo/lollms-webui application, specifically within the…
CVE-2024-3322 — CVSS 9.8 (critical): A path traversal vulnerability exists in the 'cyber_security/codeguard' native personality of the parisneo/lollms-webui, affecting versions…
CVE-2024-4320 — CVSS 9.8 (critical): A remote code execution (RCE) vulnerability exists in the '/install_extension' endpoint of the parisneo/lollms-webui application…
CVE-2024-2361 — CVSS 9.6 (critical): A vulnerability in the parisneo/lollms-webui allows for arbitrary file upload and read due to insufficient sanitization of user-supplied…
CVE-2024-1600 — CVSS 9.3 (critical): A Local File Inclusion (LFI) vulnerability exists in the parisneo/lollms-webui application, specifically within the `/personalities` route…
CVE-2024-8581 — CVSS 9.1 (critical): A vulnerability in the `upload_app` function of parisneo/lollms-webui V12 (Strawberry) allows an attacker to delete any file or directory…
CVE-2026-33340 — CVSS 9.1 (critical): LoLLMs WEBUI provides the Web user interface for Lord of Large Language and Multi modal Systems. A critical Server-Side Request Forgery…
CVE-2024-2362 — CVSS 9.1 (critical): A path traversal vulnerability exists in the parisneo/lollms-webui version 9.3 on the Windows platform. Due to improper validation of file…
CVE-2024-1873 — CVSS 9.1 (critical): parisneo/lollms-webui is vulnerable to path traversal and denial of service attacks due to an exposed `/select_database` endpoint in…
CVE-2024-2366 — CVSS 9.0 (critical): A remote code execution vulnerability exists in the parisneo/lollms-webui application, specifically within the reinstall_binding…
CVE-2024-1522 — CVSS 8.8 (high): A Cross-Site Request Forgery (CSRF) vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary code on…
CVE-2024-6040 — CVSS 8.8 (high): In parisneo/lollms-webui version v9.8, the lollms_binding_infos is missing the client_id parameter, which leads to multiple security…
CVE-2024-9920 — CVSS 8.8 (high): In version v12 of parisneo/lollms-webui, the 'Send file to AL' function allows uploading files with various extensions, including…
CVE-2024-9919 — CVSS 8.4 (high): A missing authentication check in the uninstall endpoint of parisneo/lollms-webui V13 allows attackers to perform unauthorized directory…
CVE-2024-4897 — CVSS 8.4 (high): parisneo/lollms-webui, in its latest version, is vulnerable to remote code execution due to an insecure dependency on llama-cpp-python…
CVE-2024-3435 — CVSS 8.4 (high): A path traversal vulnerability exists in the 'save_settings' endpoint of the parisneo/lollms-webui application, affecting versions up to…
CVE-2024-3126 — CVSS 8.4 (high): A command injection vulnerability exists in the 'run_xtts_api_server' function of the parisneo/lollms-webui application, specifically…
CVE-2024-2288 — CVSS 8.3 (high): A Cross-Site Request Forgery (CSRF) vulnerability exists in the profile picture upload functionality of the Lollms application…
CVE-2024-4498 — CVSS 7.7 (high): A Path Traversal and Remote File Inclusion (RFI) vulnerability exists in the parisneo/lollms-webui application, affecting versions v9.7 to…
CVE-2024-4322 — CVSS 7.5 (high): A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the `/list_personalities` endpoint. By…
CVE-2024-2548 — CVSS 7.5 (high): A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the `lollms_core/lollms/server/endpoints…
CVE-2024-2178 — CVSS 7.5 (high): A path traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'copy_to_custom_personas' endpoint in the…
CVE-2025-1451 — CVSS 7.5 (high): A vulnerability in parisneo/lollms-webui v13 arises from the server's handling of multipart boundaries in file uploads. The server does not…
CVE-2024-6250 — CVSS 7.5 (high): An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the `open_file` endpoint of…
CVE-2024-12766 — CVSS 7.5 (high): parisneo/lollms-webui version V13 (feather) suffers from a Server-Side Request Forgery (SSRF) vulnerability in the `POST /api/proxy` REST…
CVE-2024-6394 — CVSS 7.5 (high): A Local File Inclusion vulnerability exists in parisneo/lollms-webui versions below v9.8. The vulnerability is due to unverified path…
CVE-2024-6959 — CVSS 7.1 (high): A vulnerability in parisneo/lollms-webui version 9.8 allows for a Denial of Service (DOS) attack when uploading an audio file. If an…
CVE-2024-6674 — CVSS 7.1 (high): A CORS misconfiguration in parisneo/lollms-webui prior to version 10 allows attackers to steal sensitive information such as logs, browser…
CVE-2024-10019 — CVSS 6.7 (medium): A vulnerability in the `start_app_server` function of parisneo/lollms-webui V12 (Strawberry) allows for path traversal and OS command…
CVE-2024-6673 — CVSS 6.5 (medium): A Cross-Site Request Forgery (CSRF) vulnerability exists in the `install_comfyui` endpoint of the `lollms_comfyui.py` file in the…
CVE-2024-8736 — CVSS 6.5 (medium): A Denial of Service (DoS) vulnerability exists in multiple file upload endpoints of parisneo/lollms-webui version V12 (Strawberry). The…
CVE-2024-2299 — CVSS 6.1 (medium): A stored Cross-Site Scripting (XSS) vulnerability exists in the parisneo/lollms-webui application due to improper validation of uploaded…
CVE-2024-1602 — CVSS 6.1 (medium): parisneo/lollms-webui is vulnerable to stored Cross-Site Scripting (XSS) that leads to Remote Code Execution (RCE). The vulnerability…
CVE-2024-5933 — CVSS 5.4 (medium): A Cross-site Scripting (XSS) vulnerability exists in the chat functionality of parisneo/lollms-webui in the latest version. This…
CVE-2024-6986 — CVSS 5.4 (medium): A Cross-site Scripting (XSS) vulnerability exists in the Settings page of parisneo/lollms-webui version 9.8. The vulnerability is due to…
CVE-2024-10047 — CVSS 5.3 (medium): parisneo/lollms-webui versions v9.9 to the latest are vulnerable to a directory listing vulnerability. An attacker can list arbitrary…
CVE-2024-7058 — CVSS 4.4 (medium): A vulnerability in the sanitize_path function in parisneo/lollms-webui v10 - latest allows an attacker to bypass path sanitization by using…
CVE-2024-4330 — CVSS 3.3 (low): A path traversal vulnerability was identified in the parisneo/lollms-webui repository, specifically within version 9.6. The vulnerability…