
CVE-2024-10648 – Path Traversal in gradio-app/gradio
https://notcve.org/view.php?id=CVE-2024-10648
20 Mar 2025 — A path traversal vulnerability exists in the Gradio Audio component of gradio-app/gradio, as of version git 98cbcae. This vulnerability allows an attacker to control the format of the audio file, leading to arbitrary file content deletion. By manipulating the output format, an attacker can reset any file to an empty file, causing a denial of service (DoS) on the server. • https://huntr.com/bounties/667d664d-8189-458c-8ed7-483fe8f33c76 • CWE-29: Path Traversal: '\..\filename'

CVE-2024-12074 – Denial of Service in automatic1111/stable-diffusion-webui
https://notcve.org/view.php?id=CVE-2024-12074
20 Mar 2025 — A Denial of Service (DoS) vulnerability was discovered in the file upload feature of automatic1111/stable-diffusion-webui version 1.10.0. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. ... This issue can be exploited without authentication, making it highly scalable and increasing the risk of exploitation. • https://huntr.com/bounties/6b44bfc2-31a7-4fe9-86fb-072c90a23642 • CWE-400: Uncontrolled Resource Consumption

CVE-2024-8062 – Denial of Service in h2oai/h2o-3
https://notcve.org/view.php?id=CVE-2024-8062
20 Mar 2025 — A vulnerability in the typeahead endpoint of h2oai/h2o-3 version 3.46.0 allows for a denial of service. The endpoint performs a `HEAD` request to verify the existence of a specified resource without setting a timeout. • https://huntr.com/bounties/a04190d9-4acb-449a-9a7f-f1bf6be1ed23 • CWE-1088: Synchronous Access of Remote Resource without Timeout

CVE-2024-8998 – Regular Expression Denial of Service (ReDoS) in lunary-ai/lunary
https://notcve.org/view.php?id=CVE-2024-8998
20 Mar 2025 — A Regular Expression Denial of Service (ReDoS) vulnerability exists in lunary-ai/lunary version git f07a845. ... As a result, an attacker can cause the server to hang for an arbitrary amount of time by submitting a specially crafted payload. • https://github.com/lunary-ai/lunary/commit/f2bfa036caf2c48686474f4560a9c5abcf5f43b7 • CWE-400: Uncontrolled Resource Consumption

CVE-2024-8966 – Denial of Service in gradio-app/gradio
https://notcve.org/view.php?id=CVE-2024-8966
20 Mar 2025 — A vulnerability in the file upload process of gradio-app/gradio version @gradio/video@0.10.2 allows for a Denial of Service (DoS) attack. An attacker can append a large number of characters to the end of a multipart boundary, causing the system to continuously process each character and issue warnings. • https://huntr.com/bounties/7b5932bb-58d1-4e71-b85c-43dc40522ff2 • CWE-400: Uncontrolled Resource Consumption

CVE-2025-0453 – Denial of Service through Batched Queries in GraphQL in mlflow/mlflow
https://notcve.org/view.php?id=CVE-2025-0453
20 Mar 2025 — In mlflow/mlflow version 2.17.2, the `/graphql` endpoint is vulnerable to a denial of service attack. An attacker can create large batches of queries that repeatedly request all runs from a given experiment. • https://huntr.com/bounties/788327ec-714a-4d5c-83aa-8df04dd7612b • CWE-400: Uncontrolled Resource Consumption

CVE-2024-10955 – ReDoS (Regular Expression Denial of Service) in gaizhenbiao/chuanhuchatgpt
https://notcve.org/view.php?id=CVE-2024-10955
20 Mar 2025 — A Regular Expression Denial of Service (ReDoS) vulnerability exists in gaizhenbiao/chuanhuchatgpt, as of commit 20b2e02. ... This can lead to a Denial of Service (DoS) condition, potentially affecting the entire server. • https://huntr.com/bounties/8291f8d0-5060-47e7-9986-1f411310fb7b • CWE-400: Uncontrolled Resource Consumption

CVE-2024-10912 – Denial of Service in lm-sys/fastchat
https://notcve.org/view.php?id=CVE-2024-10912
20 Mar 2025 — A Denial of Service (DoS) vulnerability exists in the file upload feature of lm-sys/fastchat version 0.2.36. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. • https://huntr.com/bounties/52f335b8-1134-4d0f-acb4-efef516de414 • CWE-400: Uncontrolled Resource Consumption

CVE-2024-10569 – Zip Bomb Vulnerability in gradio-app/gradio
https://notcve.org/view.php?id=CVE-2024-10569
20 Mar 2025 — A vulnerability in the dataframe component of gradio-app/gradio (version git 98cbcae) allows for a zip bomb attack. ... An attacker can exploit this by uploading a maliciously crafted zip bomb, leading to a server crash and causing a denial of service. • https://huntr.com/bounties/7192bcbb-08a3-4d22-a321-9c6d19dbfc74 • CWE-475: Undefined Behavior for Input to API

CVE-2024-12759 – Denial of Service (DoS) via Multipart Boundary in bentoml/bentoml
https://notcve.org/view.php?id=CVE-2024-12759
20 Mar 2025 — In bentoml/bentoml version 1.3.9, the `/login` endpoint of the newly integrated Gradio app is vulnerable to a Denial of Service (DoS) attack. This vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. The server continuously processes each character, leading to excessive resource consumption and rendering the service unavailable. • https://huntr.com/bounties/e467ec92-0ad1-4461-8468-1beabf701b9f • CWE-400: Uncontrolled Resource Consumption