Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

ParisNeo — Vulnerabilities & Security Advisories 82

Browse all 82 CVE security advisories affecting ParisNeo. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Parisneo operates as a provider of digital signage and information display solutions, primarily targeting commercial and public sector environments for content management and advertising. Security audits have identified a significant history of vulnerabilities, with eighty-two Common Vulnerabilities and Exposures (CVEs) currently documented. These flaws predominantly involve remote code execution, cross-site scripting, and authentication bypasses, often stemming from inadequate input validation and weak access controls within the web-based management interfaces. Notable incidents include the exploitation of unpatched endpoints to gain administrative privileges, allowing attackers to manipulate displayed content or execute arbitrary commands on underlying systems. The high volume of disclosed issues suggests persistent challenges in secure coding practices and timely patch management. Organizations deploying Parisneo infrastructure must prioritize rigorous network segmentation and continuous vulnerability monitoring to mitigate the risk of unauthorized system access and data compromise inherent in these legacy and current software versions.

Top products by ParisNeo: parisneo/lollms-webui parisneo/lollms lollms-webui
CVE IDTitleCVSSSeverityPublished
CVE-2024-2362 Path Traversal in parisneo/lollms-webui — parisneo/lollms-webuiCWE-36 9.1AICriticalAI2024-06-06
CVE-2024-5482 SSRF in add_webpage endpoint in parisneo/lollms-webui — parisneo/lollms-webuiCWE-918 9.8AICriticalAI2024-06-06
CVE-2024-2178 Path Traversal Vulnerability in parisneo/lollms-webui — parisneo/lollms-webuiCWE-29 7.5 -2024-06-02
CVE-2024-4330 Path Traversal in parisneo/lollms-webui — parisneo/lollms-webuiCWE-23 7.5AIHighAI2024-05-30
CVE-2024-4267 Remote Code Execution in parisneo/lollms-webui — parisneo/lollms-webuiCWE-77 9.8AICriticalAI2024-05-22
CVE-2024-2366 Remote Code Execution in parisneo/lollms-webui — parisneo/lollms-webuiCWE-77 9.8AICriticalAI2024-05-16
CVE-2024-2361 Arbitrary Upload & Read via Path Traversal in parisneo/lollms-webui — parisneo/lollms-webuiCWE-29 9.1AICriticalAI2024-05-16
CVE-2024-4078 Arbitrary Code Execution in parisneo/lollms — parisneo/lollmsCWE-77 9.8AICriticalAI2024-05-16
CVE-2024-3435 Path Traversal in parisneo/lollms-webui — parisneo/lollms-webuiCWE-29 9.8AICriticalAI2024-05-16
CVE-2024-3126 Command Injection in parisneo/lollms-webui — parisneo/lollms-webuiCWE-78 9.8AICriticalAI2024-05-16
CVE-2024-4326 Remote Code Execution via `/apply_settings` and `/execute_code` in parisneo/lollms-webui — parisneo/lollms-webuiCWE-15 9.8AICriticalAI2024-05-16
CVE-2024-4322 Path Traversal in parisneo/lollms-webui — parisneo/lollms-webuiCWE-29 7.5AIHighAI2024-05-16
CVE-2024-2358 Path Traversal leading to Remote Code Execution in parisneo/lollms-webui — parisneo/lollms-webuiCWE-29 9.8AICriticalAI2024-05-16
CVE-2024-2299 Stored Cross-Site Scripting (XSS) via Profile Picture Upload in parisneo/lollms-webui — parisneo/lollms-webuiCWE-79 6.1 -2024-05-12
CVE-2024-1569 Uncontrolled Resource Consumption in parisneo/lollms-webui — parisneo/lollms-webuiCWE-400 7.5 -2024-04-16
CVE-2024-1646 Authentication Bypass in parisneo/lollms-webui — parisneo/lollms-webuiCWE-288 9.8 -2024-04-16
CVE-2024-1601 SQL Injection in parisneo/lollms-webui — parisneo/lollms-webuiCWE-89 7.5 -2024-04-16
CVE-2024-1520 OS Command Injection in parisneo/lollms-webui — parisneo/lollms-webuiCWE-78 9.8AICriticalAI2024-04-10
CVE-2024-1602 Stored XSS leading to RCE in parisneo/lollms-webui — parisneo/lollms-webuiCWE-79 9.0AICriticalAI2024-04-10
CVE-2024-1511 Path Traversal Vulnerability in parisneo/lollms-webui — parisneo/lollms-webuiCWE-22 8.8AIHighAI2024-04-10
CVE-2024-1600 Local File Inclusion in parisneo/lollms-webui — parisneo/lollms-webuiCWE-98 7.5AIHighAI2024-04-10
CVE-2024-1522 Cross-Site Request Forgery (CSRF) Leading to Remote Code Execution in parisneo/lollms-webui — parisneo/lollms-webuiCWE-352 7.4AIHighAI2024-03-30

This page lists every published CVE security advisory associated with ParisNeo. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.