CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0312 – NULL Pointer Dereference in ollama/ollama
https://notcve.org/view.php?id=CVE-2025-0312
20 Mar 2025 — A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to create a customized GGUF model file that, when uploaded and created on the Ollama server, can cause a crash due to an unchecked null pointer dereference. This can lead to a Denial of Service (DoS) attack via remote network. • https://huntr.com/bounties/522c87b6-a7ac-41b2-84f3-62fd58921f21 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-10051 – Unauthenticated Denial of Service in shaunwei/realchar
https://notcve.org/view.php?id=CVE-2024-10051
20 Mar 2025 — Realchar version v0.0.4 is vulnerable to an unauthenticated denial of service (DoS) attack. The vulnerability exists in the file upload request handling, where appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request causes the server to continuously process each character. This leads to excessive resource consumption and renders the service unavailable. The issue is unauthenticated and does not require any user i... • https://huntr.com/bounties/6db72368-e7bc-43ee-a4ae-6092f710c263 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-12534 – Denial of Service (DoS) in open-webui/open-webui
https://notcve.org/view.php?id=CVE-2024-12534
20 Mar 2025 — In version v0.3.32 of open-webui/open-webui, the application allows users to submit large payloads in the email and password fields during the sign-in process due to the lack of character length validation on these inputs. This vulnerability can lead to a Denial of Service (DoS) condition when a user submits excessively large strings, exhausting server resources such as CPU, memory, and disk space, and rendering the service unavailable for legit... • https://huntr.com/bounties/c7c0a4e6-acd3-49b4-8684-2c2c27014b76 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-1451 – Insufficient Patch Leading to DoS in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2025-1451
20 Mar 2025 — A vulnerability in parisneo/lollms-webui v13 arises from the server's handling of multipart boundaries in file uploads. The server does not limit or validate the length of the boundary or the characters appended to it, allowing an attacker to craft requests with excessively long boundaries, leading to resource exhaustion and eventual denial of service (DoS). Despite an attempted patch in commit 483431bb, which blocked hyphen characters from being appen... • https://huntr.com/bounties/63f5aea4-953b-4b38-9f10-3afe425be1d4 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-7768 – Denial of Service in h2oai/h2o-3
https://notcve.org/view.php?id=CVE-2024-7768
20 Mar 2025 — A vulnerability in the `/3/ImportFiles` endpoint of h2oai/h2o-3 version 3.46.1 allows an attacker to cause a denial of service. • https://huntr.com/bounties/3fe640df-bef4-4072-8890-0d12bc2818f6 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-10188 – Denial of Service in BerriAI/litellm
https://notcve.org/view.php?id=CVE-2024-10188
20 Mar 2025 — A vulnerability in BerriAI/litellm, as of commit 26c03c9, allows unauthenticated users to cause a Denial of Service (DoS) by exploiting the use of ast.literal_eval to parse user input. This function is not safe and is prone to DoS attacks, which can crash the litellm Python server. • https://github.com/berriai/litellm/commit/21156ff5d0d84a7dd93f951ca033275c77e4f73c • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-12864 – Unauthenticated DoS by Sending Large Filename at File Upload Endpoint in netease-youdao/qanything
https://notcve.org/view.php?id=CVE-2024-12864
20 Mar 2025 — A Denial of Service (DoS) vulnerability was discovered in the file upload feature of netease-youdao/qanything version v2.0.0. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. ... This attack does not require authentication, making it highly scalable and increasing the risk of exploitation. • https://huntr.com/bounties/365c3b9a-180c-4bb5-98d8-dbd78d93fcb7 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-8057 – Improper Access Control in danswer-ai/danswer
https://notcve.org/view.php?id=CVE-2024-8057
20 Mar 2025 — In version 0.4.1 of danswer-ai/danswer, a vulnerability exists where a basic user can create credentials and link them to an existing connector. ... This can lead to excessive resource consumption, potentially resulting in a Denial of Service (DoS) and other significant issues, impacting the system's stability and security. • https://huntr.com/bounties/b5991b98-a721-4acd-8ef2-980e15682913 • CWE-284: Improper Access Control •
CVSS: 6.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-0191 – Denial of Service in gaizhenbiao/chuanhuchatgpt
https://notcve.org/view.php?id=CVE-2025-0191
20 Mar 2025 — A Denial of Service (DoS) vulnerability exists in the file upload feature of gaizhenbiao/chuanhuchatgpt version 20240914. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. • https://huntr.com/bounties/c89a1dfd-a733-41b3-af20-6ef6024361eb • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-10624 – Regular Expression Denial of Service (ReDoS) in gradio-app/gradio
https://notcve.org/view.php?id=CVE-2024-10624
20 Mar 2025 — A Regular Expression Denial of Service (ReDoS) vulnerability exists in the gradio-app/gradio repository, affecting the gr.Datetime component. ... The vulnerability arises from the use of a regular expression `^(?... An attacker can exploit this by sending a crafted HTTP request, causing the gradio process to consume 100% CPU and potentially leading to a Denial of Service (DoS) condition on the server. • https://huntr.com/bounties/e8d0b248-8feb-4c23-9ef9-be4d1e868374 • CWE-400: Uncontrolled Resource Consumption •