
CVSS: 8.5 • EPSS: 0% • CPEs: - • EXPL: 0

20 Mar 2025 — A Denial of Service (DoS) vulnerability exists in multiple file upload endpoints of parisneo/lollms-webui version V12 (Strawberry). ... By appending additional characters to the multipart boundary, an attacker can cause the server to parse each byte of the boundary, ultimately leading to service unavailability. • https://huntr.com/bounties/935dbc03-1b43-4dbb-b6cd-1aa95a789d4f • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0

20 Mar 2025 — A Denial of Service (DoS) vulnerability exists in the file upload feature of haotian-liu/llava, specifically in Release v1.2.0 (LLaVA-1.6). The vulnerability is due to improper handling of form-data with a large filename in the file upload request. ... This issue can be exploited without authentication, making it highly scalable and increasing the risk of exploitation. • https://huntr.com/bounties/8adac028-21c5-41ba-b785-b03066c0b2a6 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 5.3 • EPSS: 0% • CPEs: - • EXPL: 0

20 Mar 2025 — A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file tokenization_nougat_fast.py. ... This can result in significantly high CPU usage and potential application downtime, effectively creating a Denial of Service (DoS) scenario. The affected version is v4.46.3 (latest). • https://github.com/huggingface/transformers/commit/deac971c469bcbb182c2e52da0b82fb3bf54cccf • CWE-1333: Inefficient Regular Expression Complexity •

CVSS: 5.9 • EPSS: 0% • CPEs: - • EXPL: 0

20 Mar 2025 — A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service through the misuse of the sshfs-client. ... The lack of an additional timeout setting in the sshfs-client causes the server to hang for a significant amount of time, preventing it from responding to other requests. • https://huntr.com/bounties/cdf8db79-c290-4fe5-9383-4c518bfba4a8 • CWE-1088: Synchronous Access of Remote Resource without Timeout •

CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0

20 Mar 2025 — A Denial of Service (DoS) vulnerability was discovered in the /api/v1/boards/{board_id} endpoint of invoke-ai/invokeai version v5.0.2. ... Additionally, the option to delete the board becomes inaccessible, amplifying the severity of the issue. • https://huntr.com/bounties/9270900a-b8b7-402f-aee5-432d891e5648 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 8.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Mar 2025 — In version v0.3.10 of open-webui/open-webui, the `api/v1/utils/pdf` endpoint lacks authentication mechanisms, allowing unauthenticated attackers to access the PDF generation service. This vulnerability can be exploited by sending a POST request with an excessively large payload, potentially leading to server resource exhaustion and denial of service (DoS). Additionally, unauthorized users can misuse the endpoint to generate PDFs without verification, r... • https://huntr.com/bounties/ebe8c1fa-113b-4df9-be03-a406b9adb9f4 • CWE-287: Improper Authentication • CWE-306: Missing Authentication for Critical Function •

CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0

20 Mar 2025 — A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to create a GGUF model that can cause a denial of service (DoS) attack. The vulnerability is due to improper validation of array index bounds in the GGUF model handling code, which can be exploited via a remote network. • https://huntr.com/bounties/450c90f9-bc02-4560-afd4-d0aa057ac82c • CWE-129: Improper Validation of Array Index •

CVSS: 8.5 • EPSS: 0% • CPEs: - • EXPL: 0

20 Mar 2025 — A path traversal vulnerability exists in the Gradio Audio component of gradio-app/gradio, as of version git 98cbcae. This vulnerability allows an attacker to control the format of the audio file, leading to arbitrary file content deletion. By manipulating the output format, an attacker can reset any file to an empty file, causing a denial of service (DoS) on the server. • https://huntr.com/bounties/667d664d-8189-458c-8ed7-483fe8f33c76 • CWE-29: Path Traversal: '\..\filename' •

CVSS: 6.8 • EPSS: 0% • CPEs: - • EXPL: 0

20 Mar 2025 — A Denial of Service (DoS) vulnerability was discovered in the file upload feature of automatic1111/stable-diffusion-webui version 1.10.0. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. ... This issue can be exploited without authentication, making it highly scalable and increasing the risk of exploitation. • https://huntr.com/bounties/6b44bfc2-31a7-4fe9-86fb-072c90a23642 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0

20 Mar 2025 — A vulnerability in the typeahead endpoint of h2oai/h2o-3 version 3.46.0 allows for a denial of service. The endpoint performs a `HEAD` request to verify the existence of a specified resource without setting a timeout. • https://huntr.com/bounties/a04190d9-4acb-449a-9a7f-f1bf6be1ed23 • CWE-1088: Synchronous Access of Remote Resource without Timeout •