Latest CVE Feed
-
7.5
HIGHCVE-2024-6394
A Local File Inclusion vulnerability exists in parisneo/lollms-webui versions below v9.8. The vulnerability is due to unverified path concatenation in the `serve_js` function in `app.py`, which allows attackers to perform path traversal attacks. This can ... Read more
- Published: Sep. 30, 2024
- Modified: Jul. 09, 2025
-
8.4
HIGHCVE-2024-9919
A missing authentication check in the uninstall endpoint of parisneo/lollms-webui V13 allows attackers to perform unauthorized directory deletions. The /uninstall/{app_name} API endpoint does not call the check_access() function to verify the client_id, e... Read more
Affected Products : lollms_web_ui- Published: Mar. 20, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2025-26676
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more
- Published: Apr. 08, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Information Disclosure
-
8.4
HIGHCVE-2025-26678
Improper access control in Windows Defender Application Control (WDAC) allows an unauthorized attacker to bypass a security feature locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 +2 more products- Published: Apr. 08, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2023-3735
Inappropriate implementation in Web API Permission Prompts in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)... Read more
- Published: Aug. 01, 2023
- Modified: Jul. 09, 2025
-
7.5
HIGHCVE-2023-3107
A set of carefully crafted ipv6 packets can trigger an integer overflow in the calculation of a fragment reassembled packet's payload length field. This allows an attacker to trigger a kernel panic, resulting in a denial of service.... Read more
- Published: Aug. 01, 2023
- Modified: Jul. 09, 2025
-
5.5
MEDIUMCVE-2023-34872
A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.... Read more
Affected Products : poppler- Published: Jul. 31, 2023
- Modified: Jul. 09, 2025
-
9.8
CRITICALCVE-2024-1520
An OS Command Injection vulnerability exists in the '/open_code_folder' endpoint of the parisneo/lollms-webui application, due to improper validation of user-supplied input in the 'discussion_id' parameter. Attackers can exploit this vulnerability by inje... Read more
- Published: Apr. 10, 2024
- Modified: Jul. 09, 2025
-
7.5
HIGHCVE-2025-26668
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Apr. 08, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Memory Corruption
-
9.3
CRITICALCVE-2024-1600
A Local File Inclusion (LFI) vulnerability exists in the parisneo/lollms-webui application, specifically within the `/personalities` route. An attacker can exploit this vulnerability by crafting a URL that includes directory traversal sequences (`../../`)... Read more
- Published: Apr. 10, 2024
- Modified: Jul. 09, 2025
-
8.8
HIGHCVE-2025-26669
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Apr. 08, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Information Disclosure
-
8.8
HIGHCVE-2024-1602
parisneo/lollms-webui is vulnerable to stored Cross-Site Scripting (XSS) that leads to Remote Code Execution (RCE). The vulnerability arises due to inadequate sanitization and validation of model output data, allowing an attacker to inject malicious JavaS... Read more
- Published: Apr. 10, 2024
- Modified: Jul. 09, 2025
-
8.1
HIGHCVE-2025-26670
Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Apr. 08, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Memory Corruption
-
8.1
HIGHCVE-2025-26671
Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.... Read more
- Published: Apr. 08, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-26672
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Apr. 08, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Information Disclosure
-
9.8
CRITICALCVE-2024-1511
The parisneo/lollms-webui repository is susceptible to a path traversal vulnerability due to inadequate validation of user-supplied file paths. This flaw allows an unauthenticated attacker to read, write, and in certain configurations execute arbitrary fi... Read more
- Published: Apr. 10, 2024
- Modified: Jul. 09, 2025
-
7.8
HIGHCVE-2025-47168
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.... Read more
Affected Products : sharepoint_enterprise_server office word sharepoint_server 365_apps office_long_term_servicing_channel office_macos_2024 office_macos_2021 sharepoint_server_2016 word_2016 +4 more products- Published: Jun. 10, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2025-47167
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more
- Published: Jun. 10, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-47166
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.... Read more
Affected Products : sharepoint_enterprise_server sharepoint_server sharepoint_server_2016 sharepoint_server_2019- Published: Jun. 10, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Authentication
-
7.8
HIGHCVE-2025-47165
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products- Published: Jun. 10, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Memory Corruption