Skip to main content
CVE-2024-12063 HIGH POC This Week

A Denial of Service (DoS) vulnerability exists in the file upload feature of imartinez/privategpt version v0.6.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Denial Of Service Privategpt
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2024-10714 HIGH POC This Week

A vulnerability in binary-husky/gpt_academic version 3.83 allows an attacker to cause a Denial of Service (DoS) by adding excessive characters to the end of a multipart boundary during file upload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Denial Of Service Gpt Academic
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2024-10225 HIGH POC This Week

A vulnerability in haotian-liu/llava v1.2.0 allows an attacker to cause a Denial of Service (DoS) by appending a large number of characters to the end of a multipart boundary in a file upload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Denial Of Service Llava
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2025-1451 HIGH POC This Week

A vulnerability in parisneo/lollms-webui v13 arises from the server's handling of multipart boundaries in file uploads. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Lollms Web Ui
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-12866 HIGH POC This Week

A local file inclusion vulnerability exists in netease-youdao/qanything version v2.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Qanything
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-10650 HIGH POC This Week

An unauthenticated Denial of Service (DoS) vulnerability was identified in ChuanhuChatGPT version 20240918, which could be exploited by sending large data payloads using a multipart boundary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Chuanhuchatgpt
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2025-0312 HIGH POC PATCH This Week

A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to create a customized GGUF model file that, when uploaded and created on the Ollama server, can cause a crash due to an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ollama AI / ML Red Hat +1
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-12055 HIGH POC PATCH This Week

A vulnerability in Ollama versions <=0.3.14 allows a malicious user to create a customized gguf model file that can be uploaded to the public Ollama server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Denial Of Service Ollama AI / ML +2
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-8966 HIGH POC This Week

A vulnerability in the file upload process of gradio-app/gradio version @gradio/video@0.10.2 allows for a Denial of Service (DoS) attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Denial Of Service Video
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-11171 HIGH POC PATCH This Week

In danny-avila/librechat version git 0c2a583, there is an improper input validation vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Librechat
NVD GitHub
CVSS 3.0
7.5
EPSS
0.2%
CVE-2025-29214 HIGH POC This Week

Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_42F69C function at /goform/setMacFilterCfg. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Stack Overflow Ax12 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-8438 HIGH POC GHSA This Week

A path traversal vulnerability exists in modelscope/agentscope version v.0.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Agentscope
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2024-10935 HIGH POC This Week

automatic1111/stable-diffusion-webui version 1.10.0 contains a vulnerability where the server fails to handle excessive characters appended to the end of multipart boundaries. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Stable Diffusion Webui
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2024-7765 HIGH POC This Week

In h2oai/h2o-3 version 3.46.0.2, a vulnerability exists where uploading and repeatedly parsing a large GZIP file can cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service H2O
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-7983 HIGH POC This Week

In version 0.3.8 of open-webui, an endpoint for converting markdown to HTML is exposed without authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Open Webui
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2024-12534 HIGH POC This Week

In version v0.3.32 of open-webui/open-webui, the application allows users to submit large payloads in the email and password fields during the sign-in process due to the lack of character length. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Open Webui
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2024-6866 HIGH POC PATCH This Week

corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the `try_match` function, which is originally intended for matching. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Flask Cors Suse
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-10569 HIGH POC This Week

A vulnerability in the dataframe component of gradio-app/gradio (version git 98cbcae) allows for a zip bomb attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Gradio
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2024-11449 HIGH POC This Week

A vulnerability in haotian-liu/llava version 1.2.0 (LLaVA-1.6) allows for Server-Side Request Forgery (SSRF) through the /run/predict endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure SSRF Authentication Bypass Large Language And Vision Assistant
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-11603 HIGH POC This Week

A Server-Side Request Forgery (SSRF) vulnerability exists in lm-sys/fastchat version 0.2.36. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure SSRF Authentication Bypass Fastchat
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-10550 HIGH POC This Week

A vulnerability in the `/3/ParseSetup` endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service H2O
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-10549 HIGH POC This Week

A vulnerability in the `/3/Parse` endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service H2O
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-10110 HIGH POC This Week

In version 3.23.0 of aimhubio/aim, the ScheduledStatusReporter object can be instantiated to run on the main thread of the tracking server, leading to the main thread being blocked indefinitely. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Aim
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-12065 HIGH POC This Week

A local file inclusion vulnerability exists in haotian-liu/llava at commit c121f04. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Llava
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-7768 HIGH POC This Week

A vulnerability in the `/3/ImportFiles` endpoint of h2oai/h2o-3 version 3.46.1 allows an attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service H2O
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2025-0453 HIGH POC This Week

In mlflow/mlflow version 2.17.2, the `/graphql` endpoint is vulnerable to a denial of service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mlflow AI / ML
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-0190 HIGH POC This Week

In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Aim
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-0330 HIGH POC This Week

In berriai/litellm version v1.52.1, an issue in proxy_server.py causes the leakage of Langfuse API keys when an error occurs while parsing team settings. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Litellm
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-12778 HIGH POC This Week

A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service (DoS) attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Aim
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-12882 HIGH POC This Week

comfyanonymous/comfyui version v0.2.4 suffers from a non-blind Server-Side Request Forgery (SSRF) vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Comfyui
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-8018 HIGH POC This Week

A vulnerability in imartinez/privategpt version 0.5.0 allows for a Denial of Service (DOS) attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Privategpt
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-8789 HIGH POC PATCH This Week

Lunary-ai/lunary version git 105a3f6 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Lunary
NVD GitHub
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-8763 HIGH POC PATCH This Week

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the lunary-ai/lunary repository, specifically in the compileTextTemplate function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Lunary
NVD GitHub
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-12068 HIGH POC This Week

A Server-Side Request Forgery (SSRF) vulnerability was discovered in haotian-liu/llava, affecting version git c121f04. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure SSRF Llava
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-12376 HIGH POC This Week

A Server-Side Request Forgery (SSRF) vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version git 2c68a13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Fastchat
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-10272 HIGH POC PATCH This Week

lunary-ai/lunary is vulnerable to broken access control in the latest version. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Lunary
NVD GitHub
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-10572 HIGH POC This Week

In h2oai/h2o-3 version 3.46.0.1, the `run_tool` command exposes classes in the `water.tools` package through the `ast` parser. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Denial Of Service H2O
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-8999 HIGH POC PATCH This Week

lunary-ai/lunary version v1.4.25 contains an improper access control vulnerability in the POST /api/v1/data-warehouse/bigquery endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google Authentication Bypass Lunary
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-9606 HIGH POC PATCH This Week

In berriai/litellm before version 1.44.12, the `litellm/litellm_core_utils/litellm_logging.py` file contains a vulnerability where the API key masking code only masks the first 5 characters of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Litellm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-10267 HIGH POC This Week

An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Superagi
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-8062 HIGH POC This Week

A vulnerability in the typeahead endpoint of h2oai/h2o-3 version 3.46.0 allows for a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service H2O
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-8061 HIGH POC This Week

In version 3.23.0 of aimhubio/aim, certain methods that request data from external servers do not have set timeouts, causing the server to wait indefinitely for a response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Aim
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-8249 HIGH POC PATCH This Week

mintplex-labs/anything-llm version git 6dc3642 contains an unauthenticated Denial of Service (DoS) vulnerability in the API for the embeddable chat functionality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Anythingllm
NVD GitHub
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-12779 HIGH POC This Week

A Server-Side Request Forgery (SSRF) vulnerability exists in infiniflow/ragflow version 0.12.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Authentication Bypass Ragflow
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-11822 HIGH POC This Week

langgenius/dify version 0.9.1 contains a Server-Side Request Forgery (SSRF) vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Authentication Bypass Dify
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-25758 HIGH POC This Week

An issue in KukuFM Android v1.12.7 (11207) allows attackers to access sensitive cleartext data via the android:allowBackup="true" in the ANdroidManifest.xml. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Kukufm Android
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-0454 HIGH POC PATCH This Week

A Server-Side Request Forgery (SSRF) vulnerability was identified in the Requests utility of significant-gravitas/autogpt versions prior to v0.4.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google SSRF Autogpt Platform
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-10907 HIGH POC This Week

In lm-sys/fastchat Release v0.2.36, the server fails to handle excessive characters appended to the end of multipart boundaries. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Fastchat
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-8955 HIGH POC This Week

A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Composio
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-12704 HIGH POC PATCH This Week

A vulnerability in the LangChainLLM class of the run-llama/llama_index repository, version v0.12.5, allows for a Denial of Service (DoS) attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Llamaindex Langchain AI / ML Red Hat
NVD GitHub
CVSS 3.0
7.5
EPSS
0.1%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy