lollms web ui

56 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-33340
all versions
LoLLMs WEBUI provides the Web user interface for Lord of Large Language and Multi modal Systems. A critical Server-Side Request Fo
9.1 CRITICAL
CVE-2025-1451
all versions
A vulnerability in parisneo/lollms-webui v13 arises from the server's handling of multipart boundaries in file uploads. The server
7.5 HIGH
CVE-2024-9920
all versions
In version v12 of parisneo/lollms-webui, the 'Send file to AL' function allows uploading files with various extensions, including
8.8 HIGH
CVE-2024-9919
all versions
A missing authentication check in the uninstall endpoint of parisneo/lollms-webui V13 allows attackers to perform unauthorized dir
8.4 HIGH
CVE-2024-8898
all versions
A path traversal vulnerability exists in the install and uninstall API endpoints of parisneo/lollms-webui version V12 (Strawbe
9.8 CRITICAL
CVE-2024-8736
all versions
A Denial of Service (DoS) vulnerability exists in multiple file upload endpoints of parisneo/lollms-webui version V12 (Strawberry)
6.5 MEDIUM
CVE-2024-8581
all versions
A vulnerability in the upload_app function of parisneo/lollms-webui V12 (Strawberry) allows an attacker to delete any file or di
9.1 CRITICAL
CVE-2024-7058
all versions
A vulnerability in the sanitize_path function in parisneo/lollms-webui v10 - latest allows an attacker to bypass path sanitization
4.4 MEDIUM
CVE-2024-6986
all versions
A Cross-site Scripting (XSS) vulnerability exists in the Settings page of parisneo/lollms-webui version 9.8. The vulnerability is
5.4 MEDIUM
CVE-2024-12766
all versions
parisneo/lollms-webui version V13 (feather) suffers from a Server-Side Request Forgery (SSRF) vulnerability in the `POST /api/prox
7.5 HIGH
CVE-2024-10047
all versions
parisneo/lollms-webui versions v9.9 to the latest are vulnerable to a directory listing vulnerability. An attacker can list arbitr
5.3 MEDIUM
CVE-2024-10019
all versions
A vulnerability in the start_app_server function of parisneo/lollms-webui V12 (Strawberry) allows for path traversal and OS comm
6.7 MEDIUM
CVE-2024-5125
all versions
parisneo/lollms-webui version 9.6 is vulnerable to Cross-Site Scripting (XSS) and Open Redirect due to inadequate input validation
7.3 HIGH
CVE-2024-6674
< 10
A CORS misconfiguration in parisneo/lollms-webui prior to version 10 allows attackers to steal sensitive information such as logs,
7.1 HIGH
CVE-2024-6673
< 10
A Cross-Site Request Forgery (CSRF) vulnerability exists in the install_comfyui endpoint of the lollms_comfyui.py file in the
6.5 MEDIUM
CVE-2024-6959
all versions
A vulnerability in parisneo/lollms-webui version 9.8 allows for a Denial of Service (DOS) attack when uploading an audio file. If
7.1 HIGH
CVE-2024-6971
all versions
A path traversal vulnerability exists in the parisneo/lollms-webui repository, specifically in the lollms_file_system.py file. T
4.4 MEDIUM
CVE-2024-6394
all versions
A Local File Inclusion vulnerability exists in parisneo/lollms-webui versions below v9.8. The vulnerability is due to unverified p
7.5 HIGH
CVE-2024-6040
all versions
In parisneo/lollms-webui version v9.8, the lollms_binding_infos is missing the client_id parameter, which leads to multiple securi
8.8 HIGH
CVE-2024-4897
< 9.8
parisneo/lollms-webui, in its latest version, is vulnerable to remote code execution due to an insecure dependency on llama-cpp-py
8.4 HIGH
CVE-2024-6250
all versions
An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the open_file endpoint of `lollms
7.5 HIGH
CVE-2024-5933
all versions
A Cross-site Scripting (XSS) vulnerability exists in the chat functionality of parisneo/lollms-webui in the latest version. This v
5.4 MEDIUM
CVE-2024-4498
all versions
A Path Traversal and Remote File Inclusion (RFI) vulnerability exists in the parisneo/lollms-webui application, affecting versions
7.7 HIGH
CVE-2024-4839
all versions
A Cross-Site Request Forgery (CSRF) vulnerability exists in the 'Servers Configurations' function of the parisneo/lollms-webui, ve
3.3 LOW
CVE-2024-4841
all versions
A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'add_reference_to_local_mode' function
3.3 LOW
CVE-2024-4403
all versions
A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v9.6. This v
8.8 HIGH
CVE-2024-4328
all versions
A Cross-Site Request Forgery (CSRF) vulnerability exists in the clear_personality_files_list function of the parisneo/lollms-webui
8.1 HIGH
CVE-2024-4320
all versions
A remote code execution (RCE) vulnerability exists in the '/install_extension' endpoint of the parisneo/lollms-webui application,
9.8 CRITICAL
CVE-2024-3322
< 9.5
A path traversal vulnerability exists in the 'cyber_security/codeguard' native personality of the parisneo/lollms-webui, affecting
9.8 CRITICAL
CVE-2024-2624
< 9.4
A path traversal and arbitrary file upload vulnerability exists in the parisneo/lollms-webui application, specifically within the
9.8 CRITICAL
CVE-2024-2548
< 9.5
A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the `lollms_core/lollms/server
7.5 HIGH
CVE-2024-2362
all versions
A path traversal vulnerability exists in the parisneo/lollms-webui version 9.3 on the Windows platform. Due to improper validation
9.1 CRITICAL
CVE-2024-2360
all versions
parisneo/lollms-webui is vulnerable to path traversal attacks that can lead to remote code execution due to insufficient sanitizat
9.8 CRITICAL
CVE-2024-2359
all versions
A vulnerability in the parisneo/lollms-webui version 9.3 allows attackers to bypass intended access restrictions and execute arbit
9.8 CRITICAL
CVE-2024-2288
< 9.3
A Cross-Site Request Forgery (CSRF) vulnerability exists in the profile picture upload functionality of the Lollms application, sp
8.3 HIGH
CVE-2024-1873
all versions
parisneo/lollms-webui is vulnerable to path traversal and denial of service attacks due to an exposed /select_database endpoint
9.1 CRITICAL
CVE-2024-5482
all versions
A Server-Side Request Forgery (SSRF) vulnerability exists in the 'add_webpage' endpoint of the parisneo/lollms-webui application,
9.8 CRITICAL
CVE-2024-2178
< 9.4
A path traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'copy_to_custom_personas' endpoint in
7.5 HIGH
CVE-2024-4330
>= 9.6 and < 9.8
A path traversal vulnerability was identified in the parisneo/lollms-webui repository, specifically within version 9.6. The vulner
3.3 LOW
CVE-2024-4267
all versions
A remote code execution (RCE) vulnerability exists in the parisneo/lollms-webui, specifically within the 'open_file' module, versi
9.8 CRITICAL
CVE-2024-4326
< 9.5
A vulnerability in parisneo/lollms-webui versions up to 9.3 allows remote attackers to execute arbitrary code. The vulnerability s
9.8 CRITICAL
CVE-2024-4322
< 9.8
A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the /list_personalities endp
7.5 HIGH
CVE-2024-3435
< 9.5
A path traversal vulnerability exists in the 'save_settings' endpoint of the parisneo/lollms-webui application, affecting versions
8.4 HIGH
CVE-2024-3126
< 9.5
A command injection vulnerability exists in the 'run_xtts_api_server' function of the parisneo/lollms-webui application, specifica
8.4 HIGH
CVE-2024-2366
< 9.5
A remote code execution vulnerability exists in the parisneo/lollms-webui application, specifically within the reinstall_binding f
9.0 CRITICAL
CVE-2024-2361
< 9.5
A vulnerability in the parisneo/lollms-webui allows for arbitrary file upload and read due to insufficient sanitization of user-su
9.6 CRITICAL
CVE-2024-2358
< 9.5
A path traversal vulnerability in the '/apply_settings' endpoint of parisneo/lollms-webui allows attackers to execute arbitrary co
9.8 CRITICAL
CVE-2024-2299
< 9.5
A stored Cross-Site Scripting (XSS) vulnerability exists in the parisneo/lollms-webui application due to improper validation of up
6.1 MEDIUM
CVE-2024-1646
< 9.3
parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The applicat
8.2 HIGH
CVE-2024-1601
all versions
An SQL injection vulnerability exists in the delete_discussion() function of the parisneo/lollms-webui application, allowing an
9.8 CRITICAL
CVE-2024-1569
all versions
parisneo/lollms-webui is vulnerable to a denial of service (DoS) attack due to uncontrolled resource consumption. Attackers can ex
7.5 HIGH
CVE-2024-1602
all versions
parisneo/lollms-webui is vulnerable to stored Cross-Site Scripting (XSS) that leads to Remote Code Execution (RCE). The vulnerabil
6.1 MEDIUM
CVE-2024-1600
>= 9.0 and < 9.6
A Local File Inclusion (LFI) vulnerability exists in the parisneo/lollms-webui application, specifically within the `/personalitie
9.3 CRITICAL
CVE-2024-1520
>= 9.0 and < 9.2
An OS Command Injection vulnerability exists in the '/open_code_folder' endpoint of the parisneo/lollms-webui application, due to
9.8 CRITICAL
CVE-2024-1511
all versions
The parisneo/lollms-webui repository is susceptible to a path traversal vulnerability due to inadequate validation of user-supplie
9.8 CRITICAL
CVE-2024-1522
>= 9.0 and <= 9.2
A Cross-Site Request Forgery (CSRF) vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrar
8.8 HIGH
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin