Lollms Security Vulnerabilities (CVEs)

Track 41 security vulnerabilities affecting Lollms products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

16 Critical
20 High
5 Medium
CVE-2025-1451 7.5

This vulnerability in parisneo/lollms-webui allows attackers to cause denial of service by sending specially crafted file upload requests with excessi...

Mar 20, 2025
CVE-2024-9919 8.4

This vulnerability allows unauthenticated attackers to delete directories via the uninstall API endpoint in parisneo/lollms-webui. Attackers can explo...

Mar 20, 2025
CVE-2024-9920 8.8

This vulnerability allows attackers to upload malicious files with dangerous extensions (.py, .sh, .bat, etc.) and execute them via the '/open_file' A...

Mar 20, 2025
CVE-2024-8898 9.8

A path traversal vulnerability in parisneo/lollms-webui version V12 allows attackers to create or delete arbitrary directories on the system by exploi...

Mar 20, 2025
CVE-2024-8581 9.1

This vulnerability in parisneo/lollms-webui allows attackers to delete any file or directory on the system through path traversal in the upload_app fu...

Mar 20, 2025
CVE-2024-8736 6.5

This CSRF vulnerability in lollms-webui allows attackers to cause denial of service by exploiting file upload endpoints. Attackers can append extra ch...

Mar 20, 2025
CVE-2024-6986 5.4

A stored Cross-site Scripting (XSS) vulnerability in parisneo/lollms-webui allows attackers to inject malicious JavaScript into the System Template co...

Mar 20, 2025
CVE-2024-12766 7.5

This SSRF vulnerability in parisneo/lollms-webui allows attackers to make the server send unauthorized HTTP requests to internal or external systems, ...

Mar 20, 2025
CVE-2024-10047 5.3

This vulnerability allows attackers to list arbitrary directories on Windows systems running vulnerable versions of lollms-webui. By sending a special...

Mar 20, 2025
CVE-2024-5125 7.3

This vulnerability in lollms-webui version 9.6 allows attackers to upload malicious SVG files containing JavaScript code that executes when rendered, ...

Nov 14, 2024
CVE-2024-6674 7.1

A CORS misconfiguration in lollms-webui allows attackers to steal sensitive information like logs, browser sessions, and settings containing private A...

Oct 29, 2024
CVE-2024-6581 9.0

This vulnerability in Lollms v9.9 allows attackers to upload malicious SVG files that bypass incomplete sanitization, leading to cross-site scripting ...

Oct 29, 2024
CVE-2024-6959 7.1

This vulnerability in parisneo/lollms-webui version 9.8 allows attackers to cause a Denial of Service (DoS) by uploading specially crafted audio files...

Oct 13, 2024
CVE-2024-6971 4.4

A path traversal vulnerability in the lollms-webui allows attackers to perform vectorize operations on arbitrary .sqlite files on the victim's compute...

Oct 11, 2024
CVE-2024-6394 7.5

A Local File Inclusion vulnerability in parisneo/lollms-webui allows attackers to read arbitrary files on the server through path traversal. This affe...

Sep 30, 2024
CVE-2024-6040 8.8

This vulnerability in parisneo/lollms-webui allows attackers to perform Cross-Site Request Forgery (CSRF) attacks against binding management endpoints...

Aug 1, 2024
CVE-2024-4897 8.4

This vulnerability allows remote attackers to execute arbitrary code on systems running lollms-webui by uploading malicious model files through the bi...

Jul 2, 2024
CVE-2024-6250 7.5

An absolute path traversal vulnerability in parisneo/lollms-webui v9.6 allows attackers to read arbitrary files and list directories on Windows system...

Jun 27, 2024
CVE-2024-5933 5.4

This Cross-site Scripting (XSS) vulnerability in parisneo/lollms-webui allows attackers to inject malicious JavaScript via chat messages, which execut...

Jun 27, 2024
CVE-2024-4498 7.7

This CVE describes a Path Traversal and Remote File Inclusion vulnerability in the parisneo/lollms-webui application that allows attackers to manipula...

Jun 25, 2024
CVE-2024-4881 7.5

A path traversal vulnerability in parisneo/lollms allows attackers to read or delete any file on Windows systems by exploiting improper path validatio...

Jun 6, 2024
CVE-2024-4320 9.8

CVE-2024-4320 is a critical remote code execution vulnerability in the parisneo/lollms-webui application. Attackers can exploit the '/install_ext...

Jun 6, 2024
CVE-2024-3322 9.8

This path traversal vulnerability in the lollms-webui's codeguard personality allows attackers to read and overwrite arbitrary files on the system by ...

Jun 6, 2024
CVE-2024-2548 7.5

A path traversal vulnerability in parisneo/lollms-webui allows attackers to read arbitrary files on Windows systems by exploiting inadequate path vali...

Jun 6, 2024
CVE-2024-2624 9.8

This vulnerability allows attackers to perform path traversal and arbitrary file uploads in the lollms-webui application by manipulating the 'path' pa...

Jun 6, 2024
CVE-2024-2288 8.3

A CSRF vulnerability in Lollms WebUI versions up to 7.3.0 allows attackers to change victims' profile pictures without consent. This can lead to denia...

Jun 6, 2024
CVE-2024-2359 9.8

This vulnerability in parisneo/lollms-webui version 9.3 allows attackers to bypass access restrictions and execute arbitrary code remotely. Attackers ...

Jun 6, 2024
CVE-2024-2362 9.1

A path traversal vulnerability in parisneo/lollms-webui version 9.3 on Windows allows attackers to delete any file on the system by exploiting imprope...

Jun 6, 2024
CVE-2024-1873 9.1

The CVE-2024-1873 vulnerability in parisneo/lollms-webui allows attackers to perform path traversal attacks through an exposed /select_database endpoi...

Jun 6, 2024
CVE-2024-2178 7.5

This path traversal vulnerability in parisneo/lollms-webui allows attackers to read arbitrary files by manipulating parameters in the 'copy_to_custom_...

Jun 2, 2024
CVE-2024-4267 9.8

This CVE describes a critical command injection vulnerability in the parisneo/lollms-webui's 'open_file' module. Attackers can exploit it by providing...

May 22, 2024
CVE-2024-4326 9.8

This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable versions of parisneo/lollms-webui. Attackers can by...

May 16, 2024
CVE-2024-3435 8.4

A path traversal vulnerability in the parisneo/lollms-webui application allows attackers to manipulate configuration settings via specially crafted JS...

May 16, 2024
CVE-2024-3126 8.4

This CVE describes a command injection vulnerability in the parisneo/lollms-webui application that allows remote attackers to execute arbitrary comman...

May 16, 2024
CVE-2024-2366 9.0

This CVE describes a remote code execution vulnerability in the parisneo/lollms-webui application. Attackers can exploit insufficient path sanitizatio...

May 16, 2024
CVE-2024-2358 9.8

A path traversal vulnerability in the '/apply_settings' endpoint of parisneo/lollms-webui allows attackers to execute arbitrary code by exploiting ins...

May 16, 2024
CVE-2024-1601 9.8

An SQL injection vulnerability in the parisneo/lollms-webui application allows attackers to delete all discussion and message data by sending a crafte...

Apr 16, 2024
CVE-2024-1646 8.2

CVE-2024-1646 is an authentication bypass vulnerability in parisneo/lollms-webui that allows unauthorized access to sensitive endpoints. Attackers can...

Apr 16, 2024
CVE-2024-1600 9.3

This CVE describes a Local File Inclusion vulnerability in the parisneo/lollms-webui application that allows attackers to read arbitrary files on the ...

Apr 10, 2024
CVE-2024-1520 9.8

This CVE describes a critical OS command injection vulnerability in the lollms-webui application's '/open_code_folder' endpoint. Attackers can execute...

Apr 10, 2024
CVE-2024-1522 8.8

A Cross-Site Request Forgery (CSRF) vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary OS commands on a v...

Mar 30, 2024

Why Monitor Lollms Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 41+ known vulnerabilities affecting Lollms products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Lollms packages in under 60 seconds. No agents required - completely agentless scanning that works across Lollms deployments.

Free vulnerability database: Access detailed information about every Lollms CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
