
CVE-2024-10549 – Denial of Service by ReDoS in h2oai/h2o-3
https://notcve.org/view.php?id=CVE-2024-10549
20 Mar 2025 — A vulnerability in the `/3/Parse` endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack. The endpoint uses a user-specified string to construct a regular expression, which is then applied to another user-specified string. By sending multiple simultaneous requests, an attacker can exhaust all available threads, leading to a complete denial of service. • https://huntr.com/bounties/ce7bd2d6-fd38-440d-a91a-dd8f3fc06bc2 • CWE-400: Uncontrolled Resource Consumption •

CVE-2024-10650 – Denial of Service (DoS) in gaizhenbiao/chuanhuchatgpt
https://notcve.org/view.php?id=CVE-2024-10650
20 Mar 2025 — An unauthenticated Denial of Service (DoS) vulnerability was identified in ChuanhuChatGPT version 20240918, which could be exploited by sending large data payloads using a multipart boundary. ... This can cause the system to continuously process these characters, resulting in prolonged unavailability of the service. • https://huntr.com/bounties/f820371d-a878-44bf-b1fd-2d837dd58eb4 • CWE-400: Uncontrolled Resource Consumption •

CVE-2024-8736 – Denial of Service (DoS) via Multipart Boundary in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-8736
20 Mar 2025 — A Denial of Service (DoS) vulnerability exists in multiple file upload endpoints of parisneo/lollms-webui version V12 (Strawberry). ... By appending additional characters to the multipart boundary, an attacker can cause the server to parse each byte of the boundary, ultimately leading to service unavailability. • https://huntr.com/bounties/935dbc03-1b43-4dbb-b6cd-1aa95a789d4f • CWE-400: Uncontrolled Resource Consumption •

CVE-2024-12070 – Denial of Service in haotian-liu/llava
https://notcve.org/view.php?id=CVE-2024-12070
20 Mar 2025 — A Denial of Service (DoS) vulnerability exists in the file upload feature of haotian-liu/llava, specifically in Release v1.2.0 (LLaVA-1.6). • https://huntr.com/bounties/8adac028-21c5-41ba-b785-b03066c0b2a6 • CWE-400: Uncontrolled Resource Consumption •

CVE-2024-12720 – Regular Expression Denial of Service (ReDoS) in huggingface/transformers
https://notcve.org/view.php?id=CVE-2024-12720
20 Mar 2025 — A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file tokenization_nougat_fast.py. ... This can result in significantly high CPU usage and potential application downtime, effectively creating a Denial of Service (DoS) scenario. The affected version is v4.46.3 (latest). • https://github.com/huggingface/transformers/commit/deac971c469bcbb182c2e52da0b82fb3bf54cccf • CWE-1333: Inefficient Regular Expression Complexity •

CVE-2024-12777 – Denial of Service in aimhubio/aim
https://notcve.org/view.php?id=CVE-2024-12777
20 Mar 2025 — A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service through the misuse of the sshfs-client. • https://huntr.com/bounties/cdf8db79-c290-4fe5-9383-4c518bfba4a8 • CWE-1088: Synchronous Access of Remote Resource without Timeout •

CVE-2024-11043 – Denial of Service (DoS) via Large Payload in Board Name Field in invoke-ai/invokeai
https://notcve.org/view.php?id=CVE-2024-11043
20 Mar 2025 — A Denial of Service (DoS) vulnerability was discovered in the /api/v1/boards/{board_id} endpoint of invoke-ai/invokeai version v5.0.2. • https://huntr.com/bounties/9270900a-b8b7-402f-aee5-432d891e5648 • CWE-400: Uncontrolled Resource Consumption •

CVE-2024-8053 – Improper Authentication in open-webui/open-webui
https://notcve.org/view.php?id=CVE-2024-8053
20 Mar 2025 — In version v0.3.10 of open-webui/open-webui, the `api/v1/utils/pdf` endpoint lacks authentication mechanisms, allowing unauthenticated attackers to access the PDF generation service. This vulnerability can be exploited by sending a POST request with an excessively large payload, potentially leading to server resource exhaustion and denial of service (DoS). Additionally, unauthorized users can misuse the endpoint to generate PDFs without verification, resultin... • https://huntr.com/bounties/ebe8c1fa-113b-4df9-be03-a406b9adb9f4 • CWE-287: Improper Authentication • CWE-306: Missing Authentication for Critical Function •

CVE-2025-0313 – Improper Validation of Array Index in ollama/ollama
https://notcve.org/view.php?id=CVE-2025-0313
20 Mar 2025 — A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to create a GGUF model that can cause a denial of service (DoS) attack. The vulnerability is due to improper validation of array index bounds in the GGUF model handling code, which can be exploited via a remote network. • https://huntr.com/bounties/450c90f9-bc02-4560-afd4-d0aa057ac82c • CWE-129: Improper Validation of Array Index •

CVE-2024-10648 – Path Traversal in gradio-app/gradio
https://notcve.org/view.php?id=CVE-2024-10648
20 Mar 2025 — By manipulating the output format, an attacker can reset any file to an empty file, causing a denial of service (DoS) on the server. • https://huntr.com/bounties/667d664d-8189-458c-8ed7-483fe8f33c76 • CWE-29: Path Traversal: '\..\filename' •