Latest CVE Feed
-
7.7
HIGHCVE-2024-4498
A Path Traversal and Remote File Inclusion (RFI) vulnerability exists in the parisneo/lollms-webui application, affecting versions v9.7 to the latest. The vulnerability arises from insufficient input validation in the `/apply_settings` function, allowing ... Read more
- Published: Jun. 25, 2024
- Modified: Jul. 09, 2025
-
7.8
HIGHCVE-2025-26675
Out-of-bounds read in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.... Read more
- Published: Apr. 08, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2024-6250
An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the `open_file` endpoint of `lollms_advanced.py`. The `sanitize_path` function with `allow_absolute_path=True` allows an attacker to access arbitrary files and ... Read more
- Published: Jun. 27, 2024
- Modified: Jul. 09, 2025
-
8.4
HIGHCVE-2024-4897
parisneo/lollms-webui, in its latest version, is vulnerable to remote code execution due to an insecure dependency on llama-cpp-python version llama_cpp_python-0.2.61+cpuavx2-cp311-cp311-manylinux_2_31_x86_64. The vulnerability arises from the application... Read more
- Published: Jul. 02, 2024
- Modified: Jul. 09, 2025
-
7.5
HIGHCVE-2024-6394
A Local File Inclusion vulnerability exists in parisneo/lollms-webui versions below v9.8. The vulnerability is due to unverified path concatenation in the `serve_js` function in `app.py`, which allows attackers to perform path traversal attacks. This can ... Read more
- Published: Sep. 30, 2024
- Modified: Jul. 09, 2025
-
8.4
HIGHCVE-2024-9919
A missing authentication check in the uninstall endpoint of parisneo/lollms-webui V13 allows attackers to perform unauthorized directory deletions. The /uninstall/{app_name} API endpoint does not call the check_access() function to verify the client_id, e... Read more
Affected Products : lollms_web_ui- Published: Mar. 20, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2025-26676
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more
- Published: Apr. 08, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Information Disclosure
-
8.4
HIGHCVE-2025-26678
Improper access control in Windows Defender Application Control (WDAC) allows an unauthorized attacker to bypass a security feature locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 +2 more products- Published: Apr. 08, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2023-3735
Inappropriate implementation in Web API Permission Prompts in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)... Read more
- EPSS Score: %0.18
- Published: Aug. 01, 2023
- Modified: Jul. 09, 2025
-
7.5
HIGHCVE-2023-3107
A set of carefully crafted ipv6 packets can trigger an integer overflow in the calculation of a fragment reassembled packet's payload length field. This allows an attacker to trigger a kernel panic, resulting in a denial of service.... Read more
- EPSS Score: %0.16
- Published: Aug. 01, 2023
- Modified: Jul. 09, 2025
-
5.5
MEDIUMCVE-2023-34872
A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.... Read more
Affected Products : poppler- EPSS Score: %0.27
- Published: Jul. 31, 2023
- Modified: Jul. 09, 2025
-
9.8
CRITICALCVE-2024-1520
An OS Command Injection vulnerability exists in the '/open_code_folder' endpoint of the parisneo/lollms-webui application, due to improper validation of user-supplied input in the 'discussion_id' parameter. Attackers can exploit this vulnerability by inje... Read more
- Published: Apr. 10, 2024
- Modified: Jul. 09, 2025
-
7.5
HIGHCVE-2025-26668
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Apr. 08, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Memory Corruption
-
9.3
CRITICALCVE-2024-1600
A Local File Inclusion (LFI) vulnerability exists in the parisneo/lollms-webui application, specifically within the `/personalities` route. An attacker can exploit this vulnerability by crafting a URL that includes directory traversal sequences (`../../`)... Read more
- Published: Apr. 10, 2024
- Modified: Jul. 09, 2025
-
8.8
HIGHCVE-2025-26669
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Apr. 08, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Information Disclosure
-
8.8
HIGHCVE-2024-1602
parisneo/lollms-webui is vulnerable to stored Cross-Site Scripting (XSS) that leads to Remote Code Execution (RCE). The vulnerability arises due to inadequate sanitization and validation of model output data, allowing an attacker to inject malicious JavaS... Read more
- Published: Apr. 10, 2024
- Modified: Jul. 09, 2025
-
8.1
HIGHCVE-2025-26670
Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Apr. 08, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Memory Corruption
-
8.1
HIGHCVE-2025-26671
Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.... Read more
- Published: Apr. 08, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-26672
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Apr. 08, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Information Disclosure
-
9.8
CRITICALCVE-2024-1511
The parisneo/lollms-webui repository is susceptible to a path traversal vulnerability due to inadequate validation of user-supplied file paths. This flaw allows an unauthenticated attacker to read, write, and in certain configurations execute arbitrary fi... Read more
- Published: Apr. 10, 2024
- Modified: Jul. 09, 2025