GHSA-6jrf-rcjf-245r: changedetection.io path traversal using file URI scheme without supplying hostname

GHSA-7mr7-4f54-vcx5: HTTP Client uses incorrect token after refresh

GHSA-hfq9-hggm-c56q: XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream

GHSA-3m9x-2qfj-xvq4: PHPExcel XXE Vulnerability

GHSA-q78v-cv36-8fxj: Devtron has SQL Injection in CreateUser API

A path traversal vulnerability in the `/set_personality_config` endpoint of parisneo/lollms version 9.4.0 allows an attacker to overwrite the `configs/config.yaml` file. This can lead to remote code execution by changing server configuration properties such as `force_accept_remote_access` and `turn_on_code_validation`.

**lollms path traversal vulnerability allows overriding of config.yaml file, leading to RCE**

High severity GitHub Reviewed Published Jun 27, 2024 to the GitHub Advisory Database • Updated Jun 28, 2024

Headline

GHSA-m45c-v46h-c788: lollms path traversal vulnerability allows overriding of config.yaml file, leading to RCE

ghsa: Latest News