Skip to main content
CVE-2024-2178 HIGH POC This Week

A path traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'copy_to_custom_personas' endpoint in the 'lollms_personalities_infos.py' file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Path Traversal Lollms Web Ui
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2024-36390 HIGH This Week

MileSight DeviceHub - CWE-20 Improper Input Validation may allow Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Devicehub
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-36391 HIGH This Week

MileSight DeviceHub - CWE-320: Key Management Errors may allow Authentication Bypass and Man-In-The-Middle Traffic. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Devicehub
NVD
CVSS 3.1
7.4
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy