Parisneo/lollms

This hub aggregates every CVE we track for Parisneo/lollms, a product in the ai ml space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Parisneo/lollms.

• CVE-2026-1116Cross-site Scripting (XSS) in parisneo/lollms6.1Apr 12, 2026
• CVE-2026-1115Stored XSS in parisneo/lollms9.6Apr 10, 2026
• CVE-2026-1163Insufficient Session Expiration in parisneo/lollms4.1Apr 8, 2026
• CVE-2026-1114Improper Access Control via Weak JWT Token in parisneo/lollms9.8Apr 7, 2026
• CVE-2026-0558Unauthenticated File Upload in parisneo/lollms9.8Mar 29, 2026
• CVE-2026-0560Server-Side Request Forgery (SSRF) in parisneo/lollms7.5Mar 29, 2026
• CVE-2026-0562Insecure Direct Object Reference (IDOR) in parisneo/lollms8.3Mar 29, 2026
• CVE-2026-1117Improper Access Control in parisneo/lollms8.2Feb 2, 2026
• CVE-2025-6386Timing Attack Vulnerability in parisneo/lollms7.5Jul 7, 2025
• CVE-2024-6982Remote Code Execution in Calculate Function in parisneo/lollms8.4Mar 20, 2025
• CVE-2024-7058Relative Path Traversal in parisneo/lollms-webui4.4Mar 20, 2025
• CVE-2024-9597Path Traversal in parisneo/lollms7.1Mar 20, 2025
• CVE-2024-11302Missing check_access in lollms_binding_infos in parisneo/lollms8.0Mar 20, 2025
• CVE-2024-6581Remote Code Execution due to Stored XSS in parisneo/lollms9.0Oct 29, 2024
• CVE-2024-6985Path Traversal in api open_personality_folder in parisneo/lollms-webui4.4Oct 11, 2024