
CVE-2025-0187 – Denial of Service (DoS) by Sending Large Filename at File Upload Endpoint in gradio-app/gradio
https://notcve.org/view.php?id=CVE-2025-0187
20 Mar 2025 — A Denial of Service (DoS) vulnerability was discovered in the file upload feature of gradio-app/gradio version 0.39.1. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. • https://huntr.com/bounties/77f3ed54-9e1c-4d9f-948f-ee6f82e2fe24 • CWE-400: Uncontrolled Resource Consumption

CVE-2024-9229 – Denial of Service (DoS) via Multipart Boundary in stangirard/quivr
https://notcve.org/view.php?id=CVE-2024-9229
20 Mar 2025 — A Denial of Service (DoS) vulnerability in the file upload feature of stangirard/quivr v0.0.298 allows unauthenticated attackers to cause excessive resource consumption by appending characters to the end of a multipart boundary in an HTTP request. This leads to the server continuously processing each character, rendering the service unavailable and impacting all users. • https://huntr.com/bounties/946a412d-422f-4623-bb1d-d2646ad23dfd • CWE-400: Uncontrolled Resource Consumption

CVE-2024-9437 – Unauthenticated Denial of Service in transformeroptimus/superagi
https://notcve.org/view.php?id=CVE-2024-9437
20 Mar 2025 — SuperAGI version v0.0.14 is vulnerable to an unauthenticated Denial of Service (DoS) attack. The vulnerability exists in the resource upload request, where appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request causes the server to continuously process each character. This leads to excessive resource consumption and renders the service unavailable. The issue is unauthenticated and does not require any user inter... • https://huntr.com/bounties/27404e9c-eb3d-4626-a9d9-8dc1b3295ce0 • CWE-400: Uncontrolled Resource Consumption

CVE-2024-7983 – Denial of Service in open-webui/open-webui
https://notcve.org/view.php?id=CVE-2024-7983
20 Mar 2025 — In version 0.3.8 of open-webui, an endpoint for converting markdown to HTML is exposed without authentication. A maliciously crafted markdown payload can cause the server to spend excessive time converting it, leading to a denial of service. • https://huntr.com/bounties/f8156ca5-1328-480f-a72b-8d3dfdad87dc • CWE-400: Uncontrolled Resource Consumption

CVE-2024-10714 – Denial of Service in binary-husky/gpt_academic
https://notcve.org/view.php?id=CVE-2024-10714
20 Mar 2025 — A vulnerability in binary-husky/gpt_academic version 3.83 allows an attacker to cause a Denial of Service (DoS) by adding excessive characters to the end of a multipart boundary during file upload. • https://huntr.com/bounties/3e25b76c-714f-4948-8f5a-0ec9a6500068 • CWE-400: Uncontrolled Resource Consumption

CVE-2024-11173 – Unhandled Exception in danny-avila/librechat
https://notcve.org/view.php?id=CVE-2024-11173
20 Mar 2025 — An unhandled exception in the danny-avila/librechat repository, version git 600d217, can cause the server to crash, leading to a full denial of service. • https://github.com/danny-avila/librechat/commit/95a212534f1c5991bd1231a34ac3668b4b592cc3 • CWE-248: Uncaught Exception

CVE-2024-12391 – Regular Expression Denial of Service (ReDoS) in binary-husky/gpt_academic
https://notcve.org/view.php?id=CVE-2024-12391
20 Mar 2025 — A vulnerability in binary-husky/gpt_academic, as of commit 310122f, allows for a Regular Expression Denial of Service (ReDoS) attack. The function '解析项目源码(手动指定和筛选源码文件类型)' permits the execution of user-provided regular expressions. Certain regular expressions can cause the Python RE engine to take exponential time to execute, leading to a Denial of Service (DoS) condition. An attacker who controls both the regular expression and the... • https://huntr.com/bounties/70b3f4f0-6b1b-4563-a18c-fe46502e6ba0 • CWE-183: Permissive List of Allowed Inputs

CVE-2024-8018 – Denial of Service (DOS) in imartinez/privategpt
https://notcve.org/view.php?id=CVE-2024-8018
20 Mar 2025 — A vulnerability in imartinez/privategpt version 0.5.0 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process these characters, rendering privateGPT inaccessible. This uncontrolled resource consumption can lead to prolonged unavailability of the service, disrupting operations and causing potential data i... • https://huntr.com/bounties/0661fa3b-bea4-4156-abed-a65d51958505 • CWE-400: Uncontrolled Resource Consumption

CVE-2024-11033 – Denial of Service (DoS) in binary-husky/gpt_academic
https://notcve.org/view.php?id=CVE-2024-11033
20 Mar 2025 — A Denial of Service (DoS) vulnerability exists in the file upload feature of binary-husky/gpt_academic version 3.83. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. • https://huntr.com/bounties/78afc15c-7db7-42fe-90f5-a0480a2ec222 • CWE-400: Uncontrolled Resource Consumption

CVE-2024-8789 – Regular Expression Denial of Service (ReDoS) in lunary-ai/lunary
https://notcve.org/view.php?id=CVE-2024-8789
20 Mar 2025 — Lunary-ai/lunary version git 105a3f6 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. ... Certain regular expressions can have exponential runtime complexity relative to the input size, leading to potential denial of service. An attacker can exploit this by submitting a specially crafted regular expression, causing the server to become unresponsive for an arbitrary length of time. • https://github.com/lunary-ai/lunary/commit/7ff89b0304d191534b924cf063f3648206d497fa • CWE-400: Uncontrolled Resource Consumption