CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-10572 – Denial of Service and Arbitrary File Write in h2oai/h2o-3
https://notcve.org/view.php?id=CVE-2024-10572
20 Mar 2025 — This includes the `XGBoostLibExtractTool` class, which can be exploited to shut down the server and write large files to arbitrary directories, leading to a denial of service. • https://huntr.com/bounties/db8939a0-9be8-4d0f-a8b0-1bd181666da2 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.7EPSS: 0%CPEs: -EXPL: 0CVE-2024-10109 – Incorrect Authorization in mintplex-labs/anything-llm
https://notcve.org/view.php?id=CVE-2024-10109
20 Mar 2025 — This access enables them to modify the model's API key and base path, leading to potential API key leakage and denial of service on chats. • https://github.com/mintplex-labs/anything-llm/commit/8d302c3f670c582b09d47e96132c248101447a11 • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-8020 – Denial of Service in lightning-ai/pytorch-lightning
https://notcve.org/view.php?id=CVE-2024-8020
20 Mar 2025 — A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the `/api/v1/state` endpoint of `LightningApp`. • https://huntr.com/bounties/8b642a78-2b80-4fb0-9b2f-8ba0ff37db6a • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-10110 – Denial of Service in aimhubio/aim
https://notcve.org/view.php?id=CVE-2024-10110
20 Mar 2025 — This results in a denial of service as the tracking server becomes unable to respond to other requests. • https://huntr.com/bounties/5ea6cf56-7b4c-4dce-9b6c-3e910fbb1ae4 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-9363 – Unauthorized File Deletion in polyaxon/polyaxon
https://notcve.org/view.php?id=CVE-2024-9363
20 Mar 2025 — An unauthorized file deletion vulnerability exists in the latest version of the Polyaxon platform, which can lead to denial of service by terminating critical containers. • https://huntr.com/bounties/ec7b7e1d-795d-4414-93d5-9df35d2fd391 • CWE-23: Relative Path Traversal •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-8984 – Denial of Service (DoS) in berriai/litellm
https://notcve.org/view.php?id=CVE-2024-8984
20 Mar 2025 — A Denial of Service (DoS) vulnerability exists in berriai/litellm version v1.44.5. ... The server continuously processes each character, leading to excessive resource consumption and rendering the service unavailable. The issue is unauthenticated and does not require any user interaction, impacting all users of the service. • https://huntr.com/bounties/554fc76b-3097-4223-b4cf-110b853e9355 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-10821 – Denial of Service (DoS) in invoke-ai/invokeai
https://notcve.org/view.php?id=CVE-2024-10821
20 Mar 2025 — A Denial of Service (DoS) vulnerability in the multipart request boundary processing mechanism of the Invoke-AI server (version v5.0.1) allows unauthenticated attackers to cause excessive resource consumption. The server fails to handle excessive characters appended to the end of multipart boundaries, leading to an infinite loop and a complete denial of service for all users. • https://huntr.com/bounties/0ac24835-c4c0-4f11-938a-d5641dfb80b2 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-12910 – Denial of Service in run-llama/llama_index
https://notcve.org/view.php?id=CVE-2024-12910
20 Mar 2025 — A vulnerability in the `KnowledgeBaseWebReader` class of the run-llama/llama_index repository, version latest, allows an attacker to cause a Denial of Service (DoS) by controlling a URL variable to contain the root URL. • https://github.com/run-llama/llama_index/commit/159ce485a1168100bb219dc1b93133f1121579d9 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-6838 – Uncontrolled Resource Consumption in mlflow/mlflow
https://notcve.org/view.php?id=CVE-2024-6838
20 Mar 2025 — This can cause the MLflow UI panel to become unresponsive, leading to a potential denial of service. • https://huntr.com/bounties/8ad52cb2-2cda-4eb0-aec9-586060ee43e0 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-12537 – Unauthenticated Denial of Service in open-webui/open-webui
https://notcve.org/view.php?id=CVE-2024-12537
20 Mar 2025 — This could lead to severe performance issues, causing the server to become unresponsive or experience significant degradation, ultimately resulting in service interruptions for legitimate users. • https://huntr.com/bounties/edabd06c-acc0-428c-a481-271f333755bc • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •