Vulnerability Database

309,136

Total vulnerabilities in the database

CVE-2024-10047

parisneo/lollms-webui versions v9.9 to the latest are vulnerable to a directory listing vulnerability. An attacker can list arbitrary directories on a Windows system by sending a specially crafted HTTP request to the /open_file endpoint.

Published: Mar 20, 2025
Updated: Nov 16, 2025
CVE: CVE-2024-10047
Exploit:

No technical information available.

CWEs:

CWE-36

Affected Software
References

Software	From	Fixed in
lollms / lollms_web_ui	9.9	9.9.x

https://huntr.com/bounties/69c3a27c-bd93-4aff-a46b-56798f28a3ce

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo