
CVE-2024-10829 – Denial of Service (DoS) via Multipart Boundary in eosphoros-ai/db-gpt
https://notcve.org/view.php?id=CVE-2024-10829
20 Mar 2025 — A Denial of Service (DoS) vulnerability in the multipart request boundary processing mechanism of eosphoros-ai/db-gpt v0.6.0 allows unauthenticated attackers to cause excessive resource consumption. The server fails to handle excessive characters appended to the end of multipart boundaries, leading to an infinite loop and complete denial of service for all users. • https://huntr.com/bounties/e3a4a0ad-a2e0-497f-a2e0-e3c0ec7c4de4 • CWE-400: Uncontrolled Resource Consumption

CVE-2025-0315 – Allocation of Resources Without Limits or Throttling in ollama/ollama
https://notcve.org/view.php?id=CVE-2025-0315
20 Mar 2025 — This can cause the server to allocate unlimited memory, leading to a Denial of Service (DoS) attack. • https://huntr.com/bounties/da414d29-b55a-496f-b135-17e0fcec67bc • CWE-770: Allocation of Resources Without Limits or Throttling

CVE-2024-12911 – SQL Injection in run-llama/llama_index
https://notcve.org/view.php?id=CVE-2024-12911
20 Mar 2025 — This can lead to arbitrary file creation and Denial-of-Service (DoS) attacks. The vulnerability affects the latest version and is fixed in version 0.5.1. • https://github.com/run-llama/llama_index/commit/bf282074e20e7dafd5e2066137dcd4cd17c3fb9e • CWE-379: Creation of Temporary File in Directory with Insecure Permissions

CVE-2024-8249 – Unauthenticated Denial of Service (DoS) in mintplex-labs/anything-llm
https://notcve.org/view.php?id=CVE-2024-8249
20 Mar 2025 — mintplex-labs/anything-llm version git 6dc3642 contains an unauthenticated Denial of Service (DoS) vulnerability in the API for the embeddable chat functionality. • https://github.com/mintplex-labs/anything-llm/commit/548da9ade30368289c5beaf0a8ee2ed2b5c1d81c • CWE-248: Uncaught Exception

CVE-2024-8764 – Improper Authorization in lunary-ai/lunary
https://notcve.org/view.php?id=CVE-2024-8764
20 Mar 2025 — This can lead to a Denial of Service (DoS) condition, as certain regular expressions can cause excessive resource consumption, blocking the server from processing other requests. • https://github.com/lunary-ai/lunary/commit/7ff89b0304d191534b924cf063f3648206d497fa • CWE-285: Improper Authorization

CVE-2024-6483 – Arbitrary File/Directory Deletion in aimhubio/aim
https://notcve.org/view.php?id=CVE-2024-6483
20 Mar 2025 — This can be exploited to delete arbitrary files or directories, potentially causing denial of service or data loss. • https://huntr.com/bounties/dc45d480-e579-4af4-8603-c52ecfd5e363 • CWE-23: Relative Path Traversal

CVE-2024-7999 – Denial of Service in open-webui/open-webui
https://notcve.org/view.php?id=CVE-2024-7999
20 Mar 2025 — A vulnerability in open-webui/open-webui version 79778fa allows an attacker to cause a Denial of Service (DoS) by uploading a file with a malformed multipart boundary. • https://huntr.com/bounties/15eb4fbe-70d4-420e-806a-ec6f4ecb7202 • CWE-400: Uncontrolled Resource Consumption

CVE-2024-10572 – Denial of Service and Arbitrary File Write in h2oai/h2o-3
https://notcve.org/view.php?id=CVE-2024-10572
20 Mar 2025 — This includes the `XGBoostLibExtractTool` class, which can be exploited to shut down the server and write large files to arbitrary directories, leading to a denial of service. • https://huntr.com/bounties/db8939a0-9be8-4d0f-a8b0-1bd181666da2 • CWE-400: Uncontrolled Resource Consumption

CVE-2024-10109 – Incorrect Authorization in mintplex-labs/anything-llm
https://notcve.org/view.php?id=CVE-2024-10109
20 Mar 2025 — This access enables them to modify the model's API key and base path, leading to potential API key leakage and denial of service on chats. • https://github.com/mintplex-labs/anything-llm/commit/8d302c3f670c582b09d47e96132c248101447a11 • CWE-863: Incorrect Authorization

CVE-2024-8020 – Denial of Service in lightning-ai/pytorch-lightning
https://notcve.org/view.php?id=CVE-2024-8020
20 Mar 2025 — A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the `/api/v1/state` endpoint of `LightningApp`. • https://huntr.com/bounties/8b642a78-2b80-4fb0-9b2f-8ba0ff37db6a • CWE-400: Uncontrolled Resource Consumption