| CVE-2026-1163 | medium | 4.1 | 4.1 | | | | 2mo ago | parisneo/lollms has an insufficient session expiration vulnerability |
| CVE-2026-1115 | unknown | — | — | | | | 2mo ago | parisneo/lollms vulnerable to stored XSS in the social feature |
| CVE-2026-1117 | unknown | — | — | | | | 4mo ago | Lollms has an Improper Access Control vulnerability |
| CVE-2025-6386 | unknown | — | — | | | | 11mo ago | Lord of Large Language Models vulnerable to Observable Discrepancy attack via authenticate_user function |
| CVE-2024-6982 | unknown | — | — | | | | 1y ago | LoLLMS Code Injection vulnerability |
| CVE-2024-6581 | unknown | — | — | | | | 2y ago | A vulnerability in the discussion image upload function of the Lollms application, version v9.9, allows for the uploading of SVG files. Due to incomplete filtering in the sanitize_svg function, this … |
| CVE-2024-6985 | unknown | — | — | | | | 2y ago | A path traversal vulnerability exists in the api open_personality_folder endpoint of parisneo/lollms-webui. This vulnerability allows an attacker to read any folder in the personality_folder on the v… |
| CVE-2024-6971 | unknown | — | — | | | | 2y ago | Lord of Large Language Models (LoLLMs) Server path traversal vulnerability in lollms_file_system.py |
| CVE-2024-6281 | unknown | — | — | | | | 2y ago | LoLLMS vulnerable to Expected Behavior Violation |
| CVE-2024-6139 | unknown | — | — | | | | 2y ago | lollms vulnerable to dot-dot-slash path traversal in XTTS server |
| CVE-2024-5824 | unknown | — | — | | | | 2y ago | lollms path traversal vulnerability allows overriding of config.yaml file, leading to RCE |
| CVE-2024-6085 | unknown | — | — | | | | 2y ago | lollms vulnerable to path traversal due to unauthenticated root folder settings change |
| CVE-2024-3121 | unknown | — | — | | | | 2y ago | Remote Code Execution in create_conda_env function in lollms |
| CVE-2024-5443 | unknown | — | — | | | | 2y ago | Remote Code Execution via path traversal bypass in lollms |
| CVE-2024-4315 | unknown | — | — | | | | 2y ago | parisneo/lollms Local File Inclusion (LFI) attack |
| CVE-2024-3429 | unknown | — | — | | | | 2y ago | LoLLMS Path Traversal vulnerability |
| CVE-2024-4881 | unknown | — | — | | | | 2y ago | A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlier versions, but fixed in version 5.9.0. The vulnerability arises due to imprope… |
| CVE-2024-4330 | unknown | — | — | | | | 2y ago | path traversal vulnerability was identified in the parisneo/lollms-webui |
| CVE-2024-4078 | unknown | — | — | | | | 2y ago | LoLLMS Command Injection vulnerability |