Vulnerability Information
Vulnerability Title
Insufficient Session Expiration in parisneo/lollms
Vulnerability Description
An insufficient session expiration vulnerability exists in the latest version of parisneo/lollms. The application fails to invalidate active sessions after a password reset, allowing an attacker to continue using an old session token. This issue arises due to the absence of logic to reject requests after a period of inactivity and the excessively long default session duration of 31 days. The vulnerability enables an attacker to maintain persistent access to a compromised account, even after the victim resets their password.
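The three gaps named in the description (no invalidation on password reset, no inactivity check, an overly long lifetime) map to three checks at session validation time. The following is an added example, not code from lollms; the class and function names and both timeout values are assumptions chosen for illustration.

```python
import secrets
import time
from dataclasses import dataclass

ABSOLUTE_LIFETIME = 8 * 3600  # assumed value; the page only says 31 days is too long
IDLE_TIMEOUT = 30 * 60        # assumed value

@dataclass
class Session:
    user: str
    issued_at: float
    last_seen: float
    cred_epoch: int  # the user's credential epoch when the session was issued

class SessionStore:
    """Hypothetical in-memory store; a real deployment would persist this."""

    def __init__(self):
        self.sessions = {}    # token -> Session
        self.cred_epoch = {}  # user -> counter bumped on every password change

    def login(self, user, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        epoch = self.cred_epoch.setdefault(user, 0)
        self.sessions[token] = Session(user, now, now, epoch)
        return token

    def reset_password(self, user):
        # Bumping the epoch invalidates every session issued before the reset.
        self.cred_epoch[user] = self.cred_epoch.get(user, 0) + 1

    def validate(self, token, now=None):
        """Return the user name for a live session, else None (and drop it)."""
        now = time.time() if now is None else now
        s = self.sessions.get(token)
        if s is None:
            return None
        expired = (
            now - s.issued_at > ABSOLUTE_LIFETIME      # hard cap on session age
            or now - s.last_seen > IDLE_TIMEOUT        # inactivity cut-off
            or s.cred_epoch != self.cred_epoch.get(s.user, 0)  # password changed
        )
        if expired:
            del self.sessions[token]
            return None
        s.last_seen = now  # sliding idle window
        return s.user
```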
CVSS Information
N/A
Vulnerability Type
Insufficient Session Expiration
Vulnerability Title
LoLLMs Code Issue Vulnerability
Vulnerability Description
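LoLLMs is a large language and multimodal system developed by individual developer Saifeddine ALOUI. LoLLMs contains a code issue vulnerability that stems from insufficient session expiration after a password reset, which may allow an attacker to maintain persistent access to a compromised account.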
CVSS Information
N/A
Vulnerability Type
N/A