Lollms
This hub aggregates every CVE we track for Lollms, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 26
- Critical: 8
- High: 11
- In CISA KEV: 0
Severity distribution
- High: 11
- Critical: 8
- Medium: 5
- Low: 2
Monthly trend
[Chart: monthly trend, 2024-07 to 2026-06]
Latest CVEs
The 15 most recently published vulnerabilities affecting Lollms.
- CVE-2026-5728: Vulnerability in the backend/routers/files.py script of LoLLMS (Lord of Large Language Multimodal Systems), a system for running and managing large language models, that allows an attacker to write arbitrary files, score 6.3
- CVE-2026-1116: Cross-site Scripting (XSS) in parisneo/lollms, score 6.1
- CVE-2026-1115: Stored XSS in parisneo/lollms, score 9.6
- CVE-2026-1114: Improper Access Control via Weak JWT Token in parisneo/lollms, score 9.8
- CVE-2026-0558: Unauthenticated File Upload in parisneo/lollms, score 9.8
- CVE-2026-0560: Server-Side Request Forgery (SSRF) in parisneo/lollms, score 7.5
- CVE-2026-0562: Insecure Direct Object Reference (IDOR) in parisneo/lollms, score 8.3
- CVE-2026-1117: Improper Access Control in parisneo/lollms, score 8.2
- CVE-2025-6386: Timing Attack Vulnerability in parisneo/lollms, score 7.5
- CVE-2024-6982: Remote Code Execution in Calculate Function in parisneo/lollms, score 8.4
- CVE-2024-11302: Missing check_access in lollms_binding_infos in parisneo/lollms, score 8.0
- CVE-2024-6581: Remote Code Execution due to Stored XSS in parisneo/lollms, score 9.0
- CVE-2024-6985: Path Traversal in api open_personality_folder in parisneo/lollms-webui, score 4.4
- CVE-2024-6971: Path Traversal in parisneo/lollms-webui, score 4.4
- CVE-2024-6281: Path Traversal in parisneo/lollms, score 7.3
Product normalization is registry-driven with AI assist and human review.