
CVE-2024-8053 – Improper Authentication in open-webui/open-webui
https://notcve.org/view.php?id=CVE-2024-8053
20 Mar 2025 — In version v0.3.10 of open-webui/open-webui, the `api/v1/utils/pdf` endpoint lacks authentication mechanisms, allowing unauthenticated attackers to access the PDF generation service. This vulnerability can be exploited by sending a POST request with an excessively large payload, potentially leading to server resource exhaustion and denial of service (DoS). Additionally, unauthorized users can misuse the endpoint to generate PDFs without verification, resultin... • https://huntr.com/bounties/ebe8c1fa-113b-4df9-be03-a406b9adb9f4 • CWE-287: Improper Authentication • CWE-306: Missing Authentication for Critical Function

CVE-2025-0313 – Improper Validation of Array Index in ollama/ollama
https://notcve.org/view.php?id=CVE-2025-0313
20 Mar 2025 — A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to create a GGUF model that can cause a denial of service (DoS) attack. The vulnerability is due to improper validation of array index bounds in the GGUF model handling code, which can be exploited via a remote network. • https://huntr.com/bounties/450c90f9-bc02-4560-afd4-d0aa057ac82c • CWE-129: Improper Validation of Array Index

CVE-2024-10648 – Path Traversal in gradio-app/gradio
https://notcve.org/view.php?id=CVE-2024-10648
20 Mar 2025 — By manipulating the output format, an attacker can reset any file to an empty file, causing a denial of service (DoS) on the server. • https://huntr.com/bounties/667d664d-8189-458c-8ed7-483fe8f33c76 • CWE-29: Path Traversal: '\..\filename'

CVE-2024-12074 – Denial of Service in automatic1111/stable-diffusion-webui
https://notcve.org/view.php?id=CVE-2024-12074
20 Mar 2025 — A Denial of Service (DoS) vulnerability was discovered in the file upload feature of automatic1111/stable-diffusion-webui version 1.10.0. • https://huntr.com/bounties/6b44bfc2-31a7-4fe9-86fb-072c90a23642 • CWE-400: Uncontrolled Resource Consumption

CVE-2024-8062 – Denial of Service in h2oai/h2o-3
https://notcve.org/view.php?id=CVE-2024-8062
20 Mar 2025 — A vulnerability in the typeahead endpoint of h2oai/h2o-3 version 3.46.0 allows for a denial of service. • https://huntr.com/bounties/a04190d9-4acb-449a-9a7f-f1bf6be1ed23 • CWE-1088: Synchronous Access of Remote Resource without Timeout

CVE-2024-8998 – Regular Expression Denial of Service (ReDoS) in lunary-ai/lunary
https://notcve.org/view.php?id=CVE-2024-8998
20 Mar 2025 — A Regular Expression Denial of Service (ReDoS) vulnerability exists in lunary-ai/lunary version git f07a845. • https://github.com/lunary-ai/lunary/commit/f2bfa036caf2c48686474f4560a9c5abcf5f43b7 • CWE-400: Uncontrolled Resource Consumption

CVE-2024-8966 – Denial of Service in gradio-app/gradio
https://notcve.org/view.php?id=CVE-2024-8966
20 Mar 2025 — A vulnerability in the file upload process of gradio-app/gradio version @gradio/video@0.10.2 allows for a Denial of Service (DoS) attack. An attacker can append a large number of characters to the end of a multipart boundary, causing the system to continuously process each character and issue warnings. • https://huntr.com/bounties/7b5932bb-58d1-4e71-b85c-43dc40522ff2 • CWE-400: Uncontrolled Resource Consumption

CVE-2025-0453 – Denial of Service through Batched Queries in GraphQL in mlflow/mlflow
https://notcve.org/view.php?id=CVE-2025-0453
20 Mar 2025 — In mlflow/mlflow version 2.17.2, the `/graphql` endpoint is vulnerable to a denial of service attack. • https://huntr.com/bounties/788327ec-714a-4d5c-83aa-8df04dd7612b • CWE-400: Uncontrolled Resource Consumption

CVE-2024-10955 – ReDoS (Regular Expression Denial of Service) in gaizhenbiao/chuanhuchatgpt
https://notcve.org/view.php?id=CVE-2024-10955
20 Mar 2025 — A Regular Expression Denial of Service (ReDoS) vulnerability exists in gaizhenbiao/chuanhuchatgpt, as of commit 20b2e02. ... This can lead to a Denial of Service (DoS) condition, potentially affecting the entire server. • https://huntr.com/bounties/8291f8d0-5060-47e7-9986-1f411310fb7b • CWE-400: Uncontrolled Resource Consumption

CVE-2024-10912 – Denial of Service in lm-sys/fastchat
https://notcve.org/view.php?id=CVE-2024-10912
20 Mar 2025 — A Denial of Service (DoS) vulnerability exists in the file upload feature of lm-sys/fastchat version 0.2.36. • https://huntr.com/bounties/52f335b8-1134-4d0f-acb4-efef516de414 • CWE-400: Uncontrolled Resource Consumption