
CVE-2024-12910 – Denial of Service in run-llama/llama_index
https://notcve.org/view.php?id=CVE-2024-12910
20 Mar 2025 — A vulnerability in the `KnowledgeBaseWebReader` class of the run-llama/llama_index repository, version latest, allows an attacker to cause a Denial of Service (DoS) by controlling a URL variable to contain the root URL. • https://github.com/run-llama/llama_index/commit/159ce485a1168100bb219dc1b93133f1121579d9 • CWE-400: Uncontrolled Resource Consumption

CVE-2024-6838 – Uncontrolled Resource Consumption in mlflow/mlflow
https://notcve.org/view.php?id=CVE-2024-6838
20 Mar 2025 — This can cause the MLflow UI panel to become unresponsive, leading to a potential denial of service. • https://huntr.com/bounties/8ad52cb2-2cda-4eb0-aec9-586060ee43e0 • CWE-400: Uncontrolled Resource Consumption

CVE-2024-12537 – Unauthenticated Denial of Service in open-webui/open-webui
https://notcve.org/view.php?id=CVE-2024-12537
20 Mar 2025 — This could lead to severe performance issues, causing the server to become unresponsive or experience significant degradation, ultimately resulting in service interruptions for legitimate users. • https://huntr.com/bounties/edabd06c-acc0-428c-a481-271f333755bc • CWE-400: Uncontrolled Resource Consumption

CVE-2024-12704 – Denial of Service (DoS) in run-llama/llama_index
https://notcve.org/view.php?id=CVE-2024-12704
20 Mar 2025 — A vulnerability in the `LangChainLLM` class of the run-llama/llama_index repository, version v0.12.5, allows for a Denial of Service (DoS) attack. The `stream_complete` method executes the llm using a thread and retrieves the result via the `get_response_gen` method of the `StreamingGeneratorCallbackHandler` class. • https://github.com/run-llama/llama_index/commit/d1ecfb77578d089cbe66728f18f635c09aa32a05 • CWE-755: Improper Handling of Exceptional Conditions

CVE-2024-9840 – Denial of Service (DoS) Vulnerability in open-webui/open-webui
https://notcve.org/view.php?id=CVE-2024-9840
20 Mar 2025 — A Denial of Service (DoS) vulnerability exists in open-webui/open-webui version 0.3.21. ... By appending additional characters to the multipart boundary, an attacker can cause the server to parse each byte of the boundary, ultimately leading to service unavailability. This vulnerability can be exploited remotely, resulting in high CPU and memory usage, and rendering the service inaccessible to legitimate users. • https://huntr.com/bounties/9178f09e-4d4f-4a5b-bc32-cada7445b03c • CWE-400: Uncontrolled Resource Consumption

CVE-2024-7760 – CSRF in aimhubio/aim
https://notcve.org/view.php?id=CVE-2024-7760
20 Mar 2025 — This enables CSRF attacks on all endpoints of the tracking server, which can be chained with other existing vulnerabilities such as remote code execution, denial of service, and arbitrary file read/write. • https://huntr.com/bounties/2038df5f-4829-4040-8573-67bf9bb89229 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2024-8763 – Regular Expression Denial of Service (ReDoS) in lunary-ai/lunary
https://notcve.org/view.php?id=CVE-2024-8763
20 Mar 2025 — A Regular Expression Denial of Service (ReDoS) vulnerability exists in the lunary-ai/lunary repository, specifically in the `compileTextTemplate` function. • https://github.com/lunary-ai/lunary/commit/7ff89b0304d191534b924cf063f3648206d497fa • CWE-400: Uncontrolled Resource Consumption

CVE-2024-12761 – Denial of Service in brycedrennan/imaginairy
https://notcve.org/view.php?id=CVE-2024-12761
20 Mar 2025 — A Denial of Service (DoS) vulnerability exists in the brycedrennan/imaginairy repository, version 15.0.0. • https://huntr.com/bounties/282900f4-2498-42c4-8ce7-ba5368aaf035 • CWE-400: Uncontrolled Resource Consumption

CVE-2024-10225 – Denial of Service in haotian-liu/llava
https://notcve.org/view.php?id=CVE-2024-10225
20 Mar 2025 — A vulnerability in haotian-liu/llava v1.2.0 allows an attacker to cause a Denial of Service (DoS) by appending a large number of characters to the end of a multipart boundary in a file upload request. • https://huntr.com/bounties/cd793f83-f122-432b-83e7-1cc8c78817b7 • CWE-400: Uncontrolled Resource Consumption

CVE-2024-7779 – ReDoS (Regular Expression Denial of Service) in danswer-ai/danswer
https://notcve.org/view.php?id=CVE-2024-7779
20 Mar 2025 — A vulnerability in danswer-ai/danswer version 1 allows an attacker to perform a Regular Expression Denial of Service (ReDoS) by manipulating regular expressions. • https://huntr.com/bounties/829f7d9f-8755-4362-bd40-801e4690dcdc • CWE-400: Uncontrolled Resource Consumption