CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-12537 – Unauthenticated Denial of Service in open-webui/open-webui
https://notcve.org/view.php?id=CVE-2024-12537
20 Mar 2025 — In version 0.3.32 of open-webui/open-webui, the absence of authentication mechanisms allows any unauthenticated attacker to access the `api/v1/utils/code/format` endpoint. If a malicious actor sends a POST request with an excessively high volume of content, the server could become completely unresponsive. This could lead to severe performance issues, causing the server to become unresponsive or experience significant degradation, ultimately resulting in service interruptions for legitimate users. • https://huntr.com/bounties/edabd06c-acc0-428c-a481-271f333755bc • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-12704 – Denial of Service (DoS) in run-llama/llama_index
https://notcve.org/view.php?id=CVE-2024-12704
20 Mar 2025 — A vulnerability in the LangChainLLM class of the run-llama/llama_index repository, version v0.12.5, allows for a Denial of Service (DoS) attack. • https://github.com/run-llama/llama_index/commit/d1ecfb77578d089cbe66728f18f635c09aa32a05 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-9840 – Denial of Service (DoS) Vulnerability in open-webui/open-webui
https://notcve.org/view.php?id=CVE-2024-9840
20 Mar 2025 — A Denial of Service (DoS) vulnerability exists in open-webui/open-webui version 0.3.21. • https://huntr.com/bounties/9178f09e-4d4f-4a5b-bc32-cada7445b03c • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-7760 – CSRF in aimhubio/aim
https://notcve.org/view.php?id=CVE-2024-7760
20 Mar 2025 — This enables CSRF attacks on all endpoints of the tracking server, which can be chained with other existing vulnerabilities such as remote code execution, denial of service, and arbitrary file read/write. • https://huntr.com/bounties/2038df5f-4829-4040-8573-67bf9bb89229 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-8763 – Regular Expression Denial of Service (ReDoS) in lunary-ai/lunary
https://notcve.org/view.php?id=CVE-2024-8763
20 Mar 2025 — A Regular Expression Denial of Service (ReDoS) vulnerability exists in the lunary-ai/lunary repository, specifically in the compileTextTemplate function. • https://github.com/lunary-ai/lunary/commit/7ff89b0304d191534b924cf063f3648206d497fa • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-12761 – Denial of Service in brycedrennan/imaginairy
https://notcve.org/view.php?id=CVE-2024-12761
20 Mar 2025 — A Denial of Service (DoS) vulnerability exists in the brycedrennan/imaginairy repository, version 15.0.0. • https://huntr.com/bounties/282900f4-2498-42c4-8ce7-ba5368aaf035 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-10225 – Denial of Service in haotian-liu/llava
https://notcve.org/view.php?id=CVE-2024-10225
20 Mar 2025 — A vulnerability in haotian-liu/llava v1.2.0 allows an attacker to cause a Denial of Service (DoS) by appending a large number of characters to the end of a multipart boundary in a file upload request. • https://huntr.com/bounties/cd793f83-f122-432b-83e7-1cc8c78817b7 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-7779 – ReDoS (Regular Expression Denial of Service) in danswer-ai/danswer
https://notcve.org/view.php?id=CVE-2024-7779
20 Mar 2025 — A vulnerability in danswer-ai/danswer version 1 allows an attacker to perform a Regular Expression Denial of Service (ReDoS) by manipulating regular expressions. • https://huntr.com/bounties/829f7d9f-8755-4362-bd40-801e4690dcdc • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-9340 – Denial of Service (DoS) via Multipart Boundary in zenml-io/zenml
https://notcve.org/view.php?id=CVE-2024-9340
20 Mar 2025 — A Denial of Service (DoS) vulnerability in zenml-io/zenml version 0.66.0 allows unauthenticated attackers to cause excessive resource consumption by sending malformed multipart requests with arbitrary characters appended to the end of multipart boundaries. This flaw in the multipart request boundary processing mechanism leads to an infinite loop, resulting in a complete denial of service for all users. • https://github.com/zenml-io/zenml/commit/cba152eb9ca3071c8372b0b91c02d9d3351de48d • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-7771 – Denial of Service in mintplex-labs/anything-llm
https://notcve.org/view.php?id=CVE-2024-7771
20 Mar 2025 — A vulnerability in the Dockerized version of mintplex-labs/anything-llm (latest, digest 1d9452da2b92) allows for a denial of service. • https://github.com/mintplex-labs/anything-llm/commit/dd017c6cbbf42abdef7861a66558c53b66424d07 • CWE-400: Uncontrolled Resource Consumption •