
CVE-2024-12911 – SQL Injection in run-llama/llama_index
https://notcve.org/view.php?id=CVE-2024-12911
20 Mar 2025 — This can lead to arbitrary file creation and Denial-of-Service (DoS) attacks. • https://github.com/run-llama/llama_index/commit/bf282074e20e7dafd5e2066137dcd4cd17c3fb9e • CWE-379: Creation of Temporary File in Directory with Insecure Permissions

CVE-2024-8249 – Unauthenticated Denial of Service (DoS) in mintplex-labs/anything-llm
https://notcve.org/view.php?id=CVE-2024-8249
20 Mar 2025 — mintplex-labs/anything-llm version git 6dc3642 contains an unauthenticated Denial of Service (DoS) vulnerability in the API for the embeddable chat functionality. • https://github.com/mintplex-labs/anything-llm/commit/548da9ade30368289c5beaf0a8ee2ed2b5c1d81c • CWE-248: Uncaught Exception

CVE-2024-8764 – Improper Authorization in lunary-ai/lunary
https://notcve.org/view.php?id=CVE-2024-8764
20 Mar 2025 — This can lead to a Denial of Service (DoS) condition, as certain regular expressions can cause excessive resource consumption, blocking the server from processing other requests. • https://github.com/lunary-ai/lunary/commit/7ff89b0304d191534b924cf063f3648206d497fa • CWE-285: Improper Authorization

CVE-2024-6483 – Arbitrary File/Directory Deletion in aimhubio/aim
https://notcve.org/view.php?id=CVE-2024-6483
20 Mar 2025 — This can be exploited to delete arbitrary files or directories, potentially causing denial of service or data loss. • https://huntr.com/bounties/dc45d480-e579-4af4-8603-c52ecfd5e363 • CWE-23: Relative Path Traversal

CVE-2024-7999 – Denial of Service in open-webui/open-webui
https://notcve.org/view.php?id=CVE-2024-7999
20 Mar 2025 — A vulnerability in open-webui/open-webui version 79778fa allows an attacker to cause a Denial of Service (DoS) by uploading a file with a malformed multipart boundary. • https://huntr.com/bounties/15eb4fbe-70d4-420e-806a-ec6f4ecb7202 • CWE-400: Uncontrolled Resource Consumption

CVE-2024-10572 – Denial of Service and Arbitrary File Write in h2oai/h2o-3
https://notcve.org/view.php?id=CVE-2024-10572
20 Mar 2025 — This includes the `XGBoostLibExtractTool` class, which can be exploited to shut down the server and write large files to arbitrary directories, leading to a denial of service. • https://huntr.com/bounties/db8939a0-9be8-4d0f-a8b0-1bd181666da2 • CWE-400: Uncontrolled Resource Consumption

CVE-2024-10109 – Incorrect Authorization in mintplex-labs/anything-llm
https://notcve.org/view.php?id=CVE-2024-10109
20 Mar 2025 — This access enables them to modify the model's API key and base path, leading to potential API key leakage and denial of service on chats. • https://github.com/mintplex-labs/anything-llm/commit/8d302c3f670c582b09d47e96132c248101447a11 • CWE-863: Incorrect Authorization

CVE-2024-8020 – Denial of Service in lightning-ai/pytorch-lightning
https://notcve.org/view.php?id=CVE-2024-8020
20 Mar 2025 — A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the `/api/v1/state` endpoint of `LightningApp`. • https://huntr.com/bounties/8b642a78-2b80-4fb0-9b2f-8ba0ff37db6a • CWE-400: Uncontrolled Resource Consumption

CVE-2024-10110 – Denial of Service in aimhubio/aim
https://notcve.org/view.php?id=CVE-2024-10110
20 Mar 2025 — This results in a denial of service as the tracking server becomes unable to respond to other requests. • https://huntr.com/bounties/5ea6cf56-7b4c-4dce-9b6c-3e910fbb1ae4 • CWE-400: Uncontrolled Resource Consumption

CVE-2024-9363 – Unauthorized File Deletion in polyaxon/polyaxon
https://notcve.org/view.php?id=CVE-2024-9363
20 Mar 2025 — An unauthorized file deletion vulnerability exists in the latest version of the Polyaxon platform, which can lead to denial of service by terminating critical containers. • https://huntr.com/bounties/ec7b7e1d-795d-4414-93d5-9df35d2fd391 • CWE-23: Relative Path Traversal