Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.4

    HIGH
    CVE-2024-3435

    A path traversal vulnerability exists in the 'save_settings' endpoint of the parisneo/lollms-webui application, affecting versions up to the latest release before 9.5. The vulnerability arises due to insufficient sanitization of the 'config' parameter in ... Read more

    • Published: May. 16, 2024
    • Modified: Jul. 09, 2025

  • 7.5

    HIGH
    CVE-2024-4322

    A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the `/list_personalities` endpoint. By manipulating the `category` parameter, an attacker can traverse the directory structure and list any directory on th... Read more

    • Published: May. 16, 2024
    • Modified: Jul. 09, 2025

  • 9.8

    CRITICAL
    CVE-2024-4326

    A vulnerability in parisneo/lollms-webui versions up to 9.3 allows remote attackers to execute arbitrary code. The vulnerability stems from insufficient protection of the `/apply_settings` and `/execute_code` endpoints. Attackers can bypass protections by... Read more

    • Published: May. 16, 2024
    • Modified: Jul. 09, 2025

  • 4.0

    MEDIUM
    CVE-2024-4330

    A path traversal vulnerability was identified in the parisneo/lollms-webui repository, specifically within version 9.6. The vulnerability arises due to improper handling of user-supplied input in the 'list_personalities' endpoint. By crafting a malicious ... Read more

    • Published: May. 30, 2024
    • Modified: Jul. 09, 2025

  • 7.5

    HIGH
    CVE-2024-2178

    A path traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'copy_to_custom_personas' endpoint in the 'lollms_personalities_infos.py' file. This vulnerability allows attackers to read arbitrary files by manipulating the 'ca... Read more

    • Published: Jun. 02, 2024
    • Modified: Jul. 09, 2025

  • 7.8

    HIGH
    CVE-2025-26674

    Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally.... Read more

    • Published: Apr. 08, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Memory Corruption

  • 7.7

    HIGH
    CVE-2024-4498

    A Path Traversal and Remote File Inclusion (RFI) vulnerability exists in the parisneo/lollms-webui application, affecting versions v9.7 to the latest. The vulnerability arises from insufficient input validation in the `/apply_settings` function, allowing ... Read more

    • Published: Jun. 25, 2024
    • Modified: Jul. 09, 2025

  • 7.8

    HIGH
    CVE-2025-26675

    Out-of-bounds read in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Apr. 08, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2024-6250

    An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the `open_file` endpoint of `lollms_advanced.py`. The `sanitize_path` function with `allow_absolute_path=True` allows an attacker to access arbitrary files and ... Read more

    • Published: Jun. 27, 2024
    • Modified: Jul. 09, 2025

  • 8.4

    HIGH
    CVE-2024-4897

    parisneo/lollms-webui, in its latest version, is vulnerable to remote code execution due to an insecure dependency on llama-cpp-python version llama_cpp_python-0.2.61+cpuavx2-cp311-cp311-manylinux_2_31_x86_64. The vulnerability arises from the application... Read more

    • Published: Jul. 02, 2024
    • Modified: Jul. 09, 2025

  • 7.5

    HIGH
    CVE-2024-6394

    A Local File Inclusion vulnerability exists in parisneo/lollms-webui versions below v9.8. The vulnerability is due to unverified path concatenation in the `serve_js` function in `app.py`, which allows attackers to perform path traversal attacks. This can ... Read more

    Affected Products : lollms_webui lollms_web_ui
    • Published: Sep. 30, 2024
    • Modified: Jul. 09, 2025

  • 8.4

    HIGH
    CVE-2024-9919

    A missing authentication check in the uninstall endpoint of parisneo/lollms-webui V13 allows attackers to perform unauthorized directory deletions. The /uninstall/{app_name} API endpoint does not call the check_access() function to verify the client_id, e... Read more

    Affected Products : lollms_web_ui
    • Published: Mar. 20, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-26676

    Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more

    • Published: Apr. 08, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Information Disclosure

  • 8.4

    HIGH
    CVE-2025-26678

    Improper access control in Windows Defender Application Control (WDAC) allows an unauthorized attacker to bypass a security feature locally.... Read more

    • Published: Apr. 08, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2023-3735

    Inappropriate implementation in Web API Permission Prompts in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • Published: Aug. 01, 2023
    • Modified: Jul. 09, 2025

  • 7.5

    HIGH
    CVE-2023-3107

    A set of carefully crafted ipv6 packets can trigger an integer overflow in the calculation of a fragment reassembled packet's payload length field. This allows an attacker to trigger a kernel panic, resulting in a denial of service.... Read more

    Affected Products : freebsd clustered_data_ontap
    • Published: Aug. 01, 2023
    • Modified: Jul. 09, 2025

  • 5.5

    MEDIUM
    CVE-2023-34872

    A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.... Read more

    Affected Products : poppler
    • Published: Jul. 31, 2023
    • Modified: Jul. 09, 2025

  • 9.8

    CRITICAL
    CVE-2024-1520

    An OS Command Injection vulnerability exists in the '/open_code_folder' endpoint of the parisneo/lollms-webui application, due to improper validation of user-supplied input in the 'discussion_id' parameter. Attackers can exploit this vulnerability by inje... Read more

    • Published: Apr. 10, 2024
    • Modified: Jul. 09, 2025

  • 7.5

    HIGH
    CVE-2025-26668

    Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.... Read more

    • Published: Apr. 08, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Memory Corruption

  • 9.3

    CRITICAL
    CVE-2024-1600

    A Local File Inclusion (LFI) vulnerability exists in the parisneo/lollms-webui application, specifically within the `/personalities` route. An attacker can exploit this vulnerability by crafting a URL that includes directory traversal sequences (`../../`)... Read more

    • Published: Apr. 10, 2024
    • Modified: Jul. 09, 2025
Showing 20 of 293545 Results