CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-8764 – Improper Authorization in lunary-ai/lunary
https://notcve.org/view.php?id=CVE-2024-8764
20 Mar 2025 — This can lead to a Denial of Service (DoS) condition, as certain regular expressions can cause excessive resource consumption, blocking the server from processing other requests. • https://github.com/lunary-ai/lunary/commit/7ff89b0304d191534b924cf063f3648206d497fa • CWE-285: Improper Authorization •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-6483 – Arbitrary File/Directory Deletion in aimhubio/aim
https://notcve.org/view.php?id=CVE-2024-6483
20 Mar 2025 — This can be exploited to delete arbitrary files or directories, potentially causing denial of service or data loss. • https://huntr.com/bounties/dc45d480-e579-4af4-8603-c52ecfd5e363 • CWE-23: Relative Path Traversal •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-7999 – Denial of Service in open-webui/open-webui
https://notcve.org/view.php?id=CVE-2024-7999
20 Mar 2025 — A vulnerability in open-webui/open-webui version 79778fa allows an attacker to cause a Denial of Service (DoS) by uploading a file with a malformed multipart boundary. • https://huntr.com/bounties/15eb4fbe-70d4-420e-806a-ec6f4ecb7202 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-10572 – Denial of Service and Arbitrary File Write in h2oai/h2o-3
https://notcve.org/view.php?id=CVE-2024-10572
20 Mar 2025 — This includes the `XGBoostLibExtractTool` class, which can be exploited to shut down the server and write large files to arbitrary directories, leading to a denial of service. • https://huntr.com/bounties/db8939a0-9be8-4d0f-a8b0-1bd181666da2 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.7EPSS: 0%CPEs: -EXPL: 0CVE-2024-10109 – Incorrect Authorization in mintplex-labs/anything-llm
https://notcve.org/view.php?id=CVE-2024-10109
20 Mar 2025 — This access enables them to modify the model's API key and base path, leading to potential API key leakage and denial of service on chats. • https://github.com/mintplex-labs/anything-llm/commit/8d302c3f670c582b09d47e96132c248101447a11 • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-8020 – Denial of Service in lightning-ai/pytorch-lightning
https://notcve.org/view.php?id=CVE-2024-8020
20 Mar 2025 — A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the `/api/v1/state` endpoint of `LightningApp`. • https://huntr.com/bounties/8b642a78-2b80-4fb0-9b2f-8ba0ff37db6a • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-10110 – Denial of Service in aimhubio/aim
https://notcve.org/view.php?id=CVE-2024-10110
20 Mar 2025 — This results in a denial of service as the tracking server becomes unable to respond to other requests. • https://huntr.com/bounties/5ea6cf56-7b4c-4dce-9b6c-3e910fbb1ae4 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-9363 – Unauthorized File Deletion in polyaxon/polyaxon
https://notcve.org/view.php?id=CVE-2024-9363
20 Mar 2025 — An unauthorized file deletion vulnerability exists in the latest version of the Polyaxon platform, which can lead to denial of service by terminating critical containers. • https://huntr.com/bounties/ec7b7e1d-795d-4414-93d5-9df35d2fd391 • CWE-23: Relative Path Traversal •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-8984 – Denial of Service (DoS) in berriai/litellm
https://notcve.org/view.php?id=CVE-2024-8984
20 Mar 2025 — A Denial of Service (DoS) vulnerability exists in berriai/litellm version v1.44.5. ... The server continuously processes each character, leading to excessive resource consumption and rendering the service unavailable. The issue is unauthenticated and does not require any user interaction, impacting all users of the service. • https://huntr.com/bounties/554fc76b-3097-4223-b4cf-110b853e9355 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-10821 – Denial of Service (DoS) in invoke-ai/invokeai
https://notcve.org/view.php?id=CVE-2024-10821
20 Mar 2025 — A Denial of Service (DoS) vulnerability in the multipart request boundary processing mechanism of the Invoke-AI server (version v5.0.1) allows unauthenticated attackers to cause excessive resource consumption. The server fails to handle excessive characters appended to the end of multipart boundaries, leading to an infinite loop and a complete denial of service for all users. • https://huntr.com/bounties/0ac24835-c4c0-4f11-938a-d5641dfb80b2 • CWE-400: Uncontrolled Resource Consumption •