CVSS: 6.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-12388 – Regular Expression Denial of Service (ReDoS) in binary-husky/gpt_academic
https://notcve.org/view.php?id=CVE-2024-12388
20 Mar 2025 — A vulnerability in binary-husky/gpt_academic version 310122f allows for a Regular Expression Denial of Service (ReDoS) attack. • https://huntr.com/bounties/b1c01c94-e477-41db-9d17-601aa25e351c • CWE-115: Misinterpretation of Input •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-0317 – Divide By Zero in ollama/ollama
https://notcve.org/view.php?id=CVE-2025-0317
20 Mar 2025 — This can lead to a division by zero error in the ggufPadding function, causing the server to crash and resulting in a Denial of Service (DoS) attack. • https://huntr.com/bounties/a9951bca-9bd8-49b2-b143-4cd4219f9fa0 • CWE-369: Divide By Zero •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-0182 – Denial of Service in danswer-ai/danswer
https://notcve.org/view.php?id=CVE-2025-0182
20 Mar 2025 — A vulnerability in danswer-ai/danswer version 0.9.0 allows for denial of service through memory exhaustion. ... The vulnerability can be exploited by sending multiple requests to the /auth/saml/callback endpoint, leading to uncontrolled memory consumption and eventual denial of service. • https://huntr.com/bounties/969b8056-b66c-4d70-8f77-04c1cbdc1d1a • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-7036 – Denial of Service in open-webui/open-webui
https://notcve.org/view.php?id=CVE-2024-7036
20 Mar 2025 — A vulnerability in open-webui/open-webui v0.3.8 allows an unauthenticated attacker to sign up with excessively large text in the 'name' field, causing the Admin panel to become unresponsive. This prevents administrators from performing essential user management actions such as deleting, editing, or adding users. The vulnerability can also be exploited by authenticated users with low privileges, leading to the same unresponsive state in the Admin panel. • https://huntr.com/bounties/ba62d093-ab27-48fa-9c53-0602c8cdc48a • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-6827 – HTTP Request Smuggling in benoitc/gunicorn
https://notcve.org/view.php?id=CVE-2024-6827
20 Mar 2025 — This vulnerability can lead to cache poisoning, data exposure, session manipulation, SSRF, XSS, DoS, data integrity compromise, security bypass, information leakage, and business logic abuse. • https://huntr.com/bounties/1b4f8f38-39da-44b6-9f98-f618639d0dd7 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.7EPSS: 0%CPEs: -EXPL: 0CVE-2024-7033 – Arbitrary File Write in open-webui/open-webui
https://notcve.org/view.php?id=CVE-2024-7033
20 Mar 2025 — This can result in overwriting critical system or application files, causing denial of service, or potentially achieving remote code execution (RCE). • https://huntr.com/bounties/7078261f-8414-4bb7-9d72-a2a4d8bfd5d1 • CWE-29: Path Traversal: '\..\filename' •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-8028 – Denial of Service in danswer-ai/danswer
https://notcve.org/view.php?id=CVE-2024-8028
20 Mar 2025 — A vulnerability in danswer-ai/danswer v0.3.94 allows an attacker to cause a Denial of Service (DoS) by uploading a file with a malformed multipart boundary. • https://huntr.com/bounties/55530ecb-0ac2-4dc1-9527-bf24de594a57 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-10935 – Unauthenticated DoS via Multipart Boundary in automatic1111/stable-diffusion-webui
https://notcve.org/view.php?id=CVE-2024-10935
20 Mar 2025 — This flaw can be exploited by sending malformed multipart requests with arbitrary characters at the end of the boundary, leading to excessive resource consumption and a complete denial of service (DoS) for all users. • https://huntr.com/bounties/e6fdc6ed-f38d-4798-b60a-0e47893a81a6 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-10829 – Denial of Service (DoS) via Multipart Boundary in eosphoros-ai/db-gpt
https://notcve.org/view.php?id=CVE-2024-10829
20 Mar 2025 — A Denial of Service (DoS) vulnerability in the multipart request boundary processing mechanism of eosphoros-ai/db-gpt v0.6.0 allows unauthenticated attackers to cause excessive resource consumption. The server fails to handle excessive characters appended to the end of multipart boundaries, leading to an infinite loop and complete denial of service for all users. • https://huntr.com/bounties/e3a4a0ad-a2e0-497f-a2e0-e3c0ec7c4de4 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-0315 – Allocation of Resources Without Limits or Throttling in ollama/ollama
https://notcve.org/view.php?id=CVE-2025-0315
20 Mar 2025 — This can cause the server to allocate unlimited memory, leading to a Denial of Service (DoS) attack. • https://huntr.com/bounties/da414d29-b55a-496f-b135-17e0fcec67bc • CWE-770: Allocation of Resources Without Limits or Throttling •