| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-1116 | Cross-site Scripting (XSS) in parisneo/lollms | parisneo | parisneo/lollms | - | - | 2026-04-12 02:22:52 | Deep Dive |
| CVE-2026-1115 | Stored XSS in parisneo/lollms | parisneo | parisneo/lollms | - | - | 2026-04-10 06:23:13 | Deep Dive |
| CVE-2026-1163 | Insufficient Session Expiration in parisneo/lollms | parisneo | parisneo/lollms | - | - | 2026-04-08 02:20:51 | Deep Dive |
| CVE-2026-1114 | Improper Access Control via Weak JWT Token in parisneo/lollms | parisneo | parisneo/lollms | - | - | 2026-04-07 06:19:05 | Deep Dive |
| CVE-2026-0558 | Unauthenticated File Upload in parisneo/lollms | parisneo | parisneo/lollms | 高危 | - | 2026-03-29 17:53:08 | Deep Dive |
| CVE-2026-0560 | Server-Side Request Forgery (SSRF) in parisneo/lollms | parisneo | parisneo/lollms | 高危 | - | 2026-03-29 17:51:21 | Deep Dive |
| CVE-2026-0562 | Insecure Direct Object Reference (IDOR) in parisneo/lollms | parisneo | parisneo/lollms | 高危 | - | 2026-03-29 17:49:44 | Deep Dive |
| CVE-2026-33340 | LoLLMs WEBUI has unauthenticated Server-Side Request Forgery (SSRF) in /api/proxy endpoint | ParisNeo | lollms-webui | Critical | 9.1 | 2026-03-24 15:58:36 | Deep Dive |
| CVE-2024-2356 | Remote Code Execution due to LFI in '/reinstall_extension' in parisneo/lollms-webui | parisneo | parisneo/lollms-webui | - | - | 2026-02-02 10:36:24 | Deep Dive |
| CVE-2026-1117 | Improper Access Control in parisneo/lollms | parisneo | parisneo/lollms | - | - | 2026-02-02 09:55:27 | Deep Dive |
| CVE-2025-6386 | Timing Attack Vulnerability in parisneo/lollms | parisneo | parisneo/lollms | - | - | 2025-07-07 09:55:20 | Deep Dive |
| CVE-2024-12766 | SSRF in parisneo/lollms-webui | parisneo | parisneo/lollms-webui | 高危 | - | 2025-03-20 10:11:21 | Deep Dive |
| CVE-2024-8736 | Denial of Service (DoS) via Multipart Boundary in parisneo/lollms-webui | parisneo | parisneo/lollms-webui | 高危 | - | 2025-03-20 10:11:18 | Deep Dive |
| CVE-2024-8898 | Path Traversal in parisneo/lollms-webui | parisneo | parisneo/lollms-webui | 中危 | - | 2025-03-20 10:10:58 | Deep Dive |
| CVE-2025-1451 | Insufficient Patch Leading to DoS in parisneo/lollms-webui | parisneo | parisneo/lollms-webui | 高危 | - | 2025-03-20 10:10:50 | Deep Dive |
| CVE-2024-6986 | Cross-site Scripting (XSS) in parisneo/lollms-webui | parisneo | parisneo/lollms-webui | 中危 | - | 2025-03-20 10:10:41 | Deep Dive |
| CVE-2024-6982 | Remote Code Execution in Calculate Function in parisneo/lollms | parisneo | parisneo/lollms | 高危 | - | 2025-03-20 10:10:32 | Deep Dive |
| CVE-2024-10019 | Path Traversal and OS Command Injection in parisneo/lollms-webui | parisneo | parisneo/lollms-webui | 中危 | - | 2025-03-20 10:10:15 | Deep Dive |
| CVE-2024-9920 | Unrestricted File Upload and Execution in parisneo/lollms-webui | parisneo | parisneo/lollms-webui | 中危 | - | 2025-03-20 10:10:08 | Deep Dive |
| CVE-2024-9919 | Missing Authentication Check in parisneo/lollms-webui | parisneo | parisneo/lollms-webui | 高危 | - | 2025-03-20 10:09:56 | Deep Dive |