Known Vulnerabilities for products from Lollms
Listed below are 7 of the newest known vulnerabilities associated with the vendor "Lollms".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-33340 json | Not Provided | 2026-03-24 | 2026-03-24 | |
| CVE-2026-1163 json | Not Provided | 2026-04-08 | 2026-04-08 | |
| CVE-2026-1116 json | A Cross-site Scripting (XSS) vulnerability was identified in the `from_dict` method of the `AppLollmsMessage` class in parisn... | Not Provided | 2026-04-12 | 2026-04-17 |
| CVE-2026-1115 json | A Stored Cross-Site Scripting (XSS) vulnerability was identified in the social feature of parisneo/lollms, affecting the late... | Not Provided | 2026-04-10 | 2026-04-16 |
| CVE-2026-1114 json | In parisneo/lollms version 2.1.0, the application's session management is vulnerable to improper access control due to the us... | Not Provided | 2026-04-07 | 2026-04-28 |
| CVE-2026-0562 json | A critical security vulnerability in parisneo/lollms versions up to 2.2.0 allows any authenticated user to accept or reject f... | Not Provided | 2026-03-29 | 2026-04-22 |
| CVE-2026-0560 json | A Server-Side Request Forgery (SSRF) vulnerability exists in parisneo/lollms versions prior to 2.2.0, specifically in the `/a... | Not Provided | 2026-03-29 | 2026-03-31 |
| CVE-2026-0558 json | A vulnerability in parisneo/lollms, up to and including version 2.2.0, allows unauthenticated users to upload and process fil... | Not Provided | 2026-03-29 | 2026-03-31 |