📦 Lollms Webui

by Lollms


🛡️ Security Overview


⚠️ Known Vulnerabilities

CVE-2024-4267

CRITICAL CVSS 9.8 May 22, 2024

This CVE describes a critical command injection vulnerability in the 'open_file' module of parisneo/lollms-webui. Attackers can exploit it by providing malicious file paths that execute arbitrary syste...

CVE-2024-1601

CRITICAL CVSS 9.8 Apr 16, 2024

An SQL injection vulnerability in the parisneo/lollms-webui application allows attackers to delete all discussion and message data by sending a crafted HTTP POST request to the /delete_discussion endp...

CVE-2024-5125

HIGH CVSS 7.3 Nov 14, 2024

This vulnerability in lollms-webui version 9.6 allows attackers to upload malicious SVG files containing JavaScript code that executes when rendered, enabling cross-site scripting attacks and open red...

CVE-2024-1646

HIGH CVSS 8.2 Apr 16, 2024

CVE-2024-1646 is an authentication bypass vulnerability in parisneo/lollms-webui that allows unauthorized access to sensitive endpoints. Attackers can exploit inadequate host parameter checking to exe...

CVE-2024-6971

MEDIUM CVSS 4.4 Oct 11, 2024

A path traversal vulnerability in lollms-webui allows attackers to perform vectorize operations on arbitrary .sqlite files on the victim's computer. This can lead to unauthorized package installat...