ParisNeo — Vulnerabilities & Security Advisories 82

Browse all 82 CVE security advisories affecting ParisNeo. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Parisneo operates as a provider of digital signage and information display solutions, primarily targeting commercial and public sector environments for content management and advertising. Security audits have identified a significant history of vulnerabilities, with eighty-two Common Vulnerabilities and Exposures (CVEs) currently documented. These flaws predominantly involve remote code execution, cross-site scripting, and authentication bypasses, often stemming from inadequate input validation and weak access controls within the web-based management interfaces. Notable incidents include the exploitation of unpatched endpoints to gain administrative privileges, allowing attackers to manipulate displayed content or execute arbitrary commands on underlying systems. The high volume of disclosed issues suggests persistent challenges in secure coding practices and timely patch management. Organizations deploying Parisneo infrastructure must prioritize rigorous network segmentation and continuous vulnerability monitoring to mitigate the risk of unauthorized system access and data compromise inherent in these legacy and current software versions.

Top products by ParisNeo: parisneo/lollms-webui parisneo/lollms lollms-webui

CVE ID	Title	CVSS	Severity	Published
CVE-2026-1116	Cross-site Scripting (XSS) in parisneo/lollms — parisneo/lollmsCWE-79	5.4^AI	Medium^AI	2026-04-12
CVE-2026-1115	Stored XSS in parisneo/lollms — parisneo/lollmsCWE-79	6.1^AI	Medium^AI	2026-04-10
CVE-2026-1163	Insufficient Session Expiration in parisneo/lollms — parisneo/lollmsCWE-613	9.1^AI	Critical^AI	2026-04-08
CVE-2026-1114	Improper Access Control via Weak JWT Token in parisneo/lollms — parisneo/lollmsCWE-284	9.8^AI	Critical^AI	2026-04-07
CVE-2026-0558	Unauthenticated File Upload in parisneo/lollms — parisneo/lollmsCWE-287	9.8	-	2026-03-29
CVE-2026-0560	Server-Side Request Forgery (SSRF) in parisneo/lollms — parisneo/lollmsCWE-918	9.8	-	2026-03-29
CVE-2026-0562	Insecure Direct Object Reference (IDOR) in parisneo/lollms — parisneo/lollmsCWE-863	6.5	-	2026-03-29
CVE-2026-1117	Improper Access Control in parisneo/lollms — parisneo/lollmsCWE-284	8.1^AI	High^AI	2026-02-02
CVE-2025-6386	Timing Attack Vulnerability in parisneo/lollms — parisneo/lollmsCWE-203	5.9^AI	Medium^AI	2025-07-07
CVE-2024-6982	Remote Code Execution in Calculate Function in parisneo/lollms — parisneo/lollmsCWE-94	9.8	-	2025-03-20
CVE-2024-7058	Relative Path Traversal in parisneo/lollms-webui — parisneo/lollmsCWE-23	6.5	-	2025-03-20
CVE-2024-9597	Path Traversal in parisneo/lollms — parisneo/lollmsCWE-22	9.1	-	2025-03-20
CVE-2024-11302	Missing check_access in lollms_binding_infos in parisneo/lollms — parisneo/lollmsCWE-304	9.1	-	2025-03-20
CVE-2024-6581	Remote Code Execution due to Stored XSS in parisneo/lollms — parisneo/lollmsCWE-79	8.2^AI	High^AI	2024-10-29
CVE-2024-6985	Path Traversal in api open_personality_folder in parisneo/lollms-webui — parisneo/lollmsCWE-23	7.5^AI	High^AI	2024-10-11
CVE-2024-6971	Path Traversal in parisneo/lollms-webui — parisneo/lollmsCWE-22	8.4^AI	High^AI	2024-10-11
CVE-2024-6040	Missing client_id in parisneo/lollms-webui — parisneo/lollmsCWE-352	8.8^AI	High^AI	2024-08-01
CVE-2024-6281	Path Traversal in parisneo/lollms — parisneo/lollmsCWE-22	7.5	-	2024-07-20
CVE-2024-6139	Path Traversal in parisneo/lollms — parisneo/lollmsCWE-29	5.3^AI	Medium^AI	2024-06-27
CVE-2024-5824	Path Traversal in parisneo/lollms — parisneo/lollmsCWE-22	9.8^AI	Critical^AI	2024-06-27
CVE-2024-6085	Path Traversal in parisneo/lollms — parisneo/lollmsCWE-22	9.1^AI	Critical^AI	2024-06-27
CVE-2024-4499	CSRF Vulnerability in parisneo/lollms XTTS Server — parisneo/lollmsCWE-352	8.1^AI	High^AI	2024-06-24
CVE-2024-3121	Remote Code Execution in create_conda_env function in parisneo/lollms — parisneo/lollmsCWE-94	9.8	-	2024-06-24
CVE-2024-5443	Remote Code Execution via Path Traversal in parisneo/lollms — parisneo/lollmsCWE-29	9.1	-	2024-06-22
CVE-2024-4315	LFI Vulnerability due to Lack of Path Sanitization in parisneo/lollms — parisneo/lollmsCWE-22	9.8^AI	Critical^AI	2024-06-12
CVE-2024-3429	Path Traversal in parisneo/lollms — parisneo/lollmsCWE-29	9.1^AI	Critical^AI	2024-06-06
CVE-2024-4881	Path Traversal in parisneo/lollms — parisneo/lollmsCWE-36	9.1^AI	Critical^AI	2024-06-06
CVE-2024-4078	Arbitrary Code Execution in parisneo/lollms — parisneo/lollmsCWE-77	9.8^AI	Critical^AI	2024-05-16

This page lists every published CVE security advisory associated with ParisNeo. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

ParisNeo — Vulnerabilities & Security Advisories 82