Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

parisneo — Vulnerabilities & Security Advisories 82

Browse all 82 CVE security advisories affecting parisneo. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Parisneo operates as a provider of digital signage and information display solutions, primarily targeting commercial and public sector environments for content management and advertising. Security audits have identified a significant history of vulnerabilities, with eighty-two Common Vulnerabilities and Exposures (CVEs) currently documented. These flaws predominantly involve remote code execution, cross-site scripting, and authentication bypasses, often stemming from inadequate input validation and weak access controls within the web-based management interfaces. Notable incidents include the exploitation of unpatched endpoints to gain administrative privileges, allowing attackers to manipulate displayed content or execute arbitrary commands on underlying systems. The high volume of disclosed issues suggests persistent challenges in secure coding practices and timely patch management. Organizations deploying Parisneo infrastructure must prioritize rigorous network segmentation and continuous vulnerability monitoring to mitigate the risk of unauthorized system access and data compromise inherent in these legacy and current software versions.

Top products by parisneo: parisneo/lollms-webui parisneo/lollms lollms-webui
CVE IDTitleCVSSSeverityPublished
CVE-2026-1116 Cross-site Scripting (XSS) in parisneo/lollms — parisneo/lollmsCWE-79 5.4AIMediumAI2026-04-12
CVE-2026-1115 Stored XSS in parisneo/lollms — parisneo/lollmsCWE-79 6.1AIMediumAI2026-04-10
CVE-2026-1163 Insufficient Session Expiration in parisneo/lollms — parisneo/lollmsCWE-613 9.1AICriticalAI2026-04-08
CVE-2026-1114 Improper Access Control via Weak JWT Token in parisneo/lollms — parisneo/lollmsCWE-284 9.8AICriticalAI2026-04-07
CVE-2026-0558 Unauthenticated File Upload in parisneo/lollms — parisneo/lollmsCWE-287 9.8 -2026-03-29
CVE-2026-0560 Server-Side Request Forgery (SSRF) in parisneo/lollms — parisneo/lollmsCWE-918 9.8 -2026-03-29
CVE-2026-0562 Insecure Direct Object Reference (IDOR) in parisneo/lollms — parisneo/lollmsCWE-863 6.5 -2026-03-29
CVE-2026-33340 LoLLMs WEBUI has unauthenticated Server-Side Request Forgery (SSRF) in /api/proxy endpoint — lollms-webuiCWE-306 9.1 Critical2026-03-24
CVE-2024-2356 Remote Code Execution due to LFI in '/reinstall_extension' in parisneo/lollms-webui — parisneo/lollms-webuiCWE-29 9.8AICriticalAI2026-02-02
CVE-2026-1117 Improper Access Control in parisneo/lollms — parisneo/lollmsCWE-284 8.1AIHighAI2026-02-02
CVE-2025-6386 Timing Attack Vulnerability in parisneo/lollms — parisneo/lollmsCWE-203 5.9AIMediumAI2025-07-07
CVE-2024-12766 SSRF in parisneo/lollms-webui — parisneo/lollms-webuiCWE-918 9.8 -2025-03-20
CVE-2024-8736 Denial of Service (DoS) via Multipart Boundary in parisneo/lollms-webui — parisneo/lollms-webuiCWE-352 6.5 -2025-03-20
CVE-2024-8898 Path Traversal in parisneo/lollms-webui — parisneo/lollms-webuiCWE-22 9.1 -2025-03-20
CVE-2025-1451 Insufficient Patch Leading to DoS in parisneo/lollms-webui — parisneo/lollms-webuiCWE-770 7.5 -2025-03-20
CVE-2024-6986 Cross-site Scripting (XSS) in parisneo/lollms-webui — parisneo/lollms-webuiCWE-79 5.4 -2025-03-20
CVE-2024-6982 Remote Code Execution in Calculate Function in parisneo/lollms — parisneo/lollmsCWE-94 9.8 -2025-03-20
CVE-2024-10019 Path Traversal and OS Command Injection in parisneo/lollms-webui — parisneo/lollms-webuiCWE-78 9.8 -2025-03-20
CVE-2024-9920 Unrestricted File Upload and Execution in parisneo/lollms-webui — parisneo/lollms-webuiCWE-434 9.8 -2025-03-20
CVE-2024-9919 Missing Authentication Check in parisneo/lollms-webui — parisneo/lollms-webuiCWE-306 7.5 -2025-03-20
CVE-2024-7058 Relative Path Traversal in parisneo/lollms-webui — parisneo/lollmsCWE-23 6.5 -2025-03-20
CVE-2024-10047 Directory Listing Vulnerability in parisneo/lollms-webui — parisneo/lollms-webuiCWE-36 5.3 -2025-03-20
CVE-2024-9597 Path Traversal in parisneo/lollms — parisneo/lollmsCWE-22 9.1 -2025-03-20
CVE-2024-8581 Path Traversal in parisneo/lollms-webui — parisneo/lollms-webuiCWE-22 7.5 -2025-03-20
CVE-2024-11302 Missing check_access in lollms_binding_infos in parisneo/lollms — parisneo/lollmsCWE-304 9.1 -2025-03-20
CVE-2024-5125 XSS and Open Redirect via SVG File Upload in parisneo/lollms-webui — parisneo/lollms-webuiCWE-79 6.1 -2024-11-14
CVE-2024-6673 CSRF Vulnerability in parisneo/lollms-webui — parisneo/lollms-webuiCWE-352 8.1AIHighAI2024-10-29
CVE-2024-6581 Remote Code Execution due to Stored XSS in parisneo/lollms — parisneo/lollmsCWE-79 8.2AIHighAI2024-10-29
CVE-2024-6674 Data Leak through CORS Misconfiguration in parisneo/lollms-webui — parisneo/lollms-webuiCWE-346 7.1AIHighAI2024-10-29
CVE-2024-6959 Denial of Service (DOS) in multipart boundary while uploading file in parisneo/lollms-webui — parisneo/lollms-webuiCWE-352 7.5 -2024-10-13

This page lists every published CVE security advisory associated with parisneo. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.