CVE-2024-12070

CVE-2024-12070 concerns a DoS vulnerability in the file upload feature of haotian-liu/llava (Release v1.2.0 / LLaVA-1.6). The root cause is improper handling of form-data with an excessively large filename in the file upload request, which can overwhelm the server and render it unresponsive. Expl...

CVE-2024-12074

CVE-2024-12074 describes a DoS in automatic1111/stable-diffusion-webui 1.10.0 caused by improper handling of form-data with a very large filename in file uploads. The vulnerability, exploitable without authentication, can render the server unresponsive and unavailable to legitimate users, indicat...

CVE-2024-10912 Denial of Service in lm-sys/fastchat

A Denial of Service DoS vulnerability exists in the file upload feature of lm-sys/fastchat version 0.2.36. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this by sending a payload with an excessively large...

CVE-2024-12864 Unauthenticated DoS by Sending Large Filename at File Upload Endpoint in netease-youdao/qanything

A Denial of Service DoS vulnerability was discovered in the file upload feature of netease-youdao/qanything version v2.0.0. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this vulnerability by sending a large...

CVE-2024-12864 Unauthenticated DoS by Sending Large Filename at File Upload Endpoint in netease-youdao/qanything

A Denial of Service DoS vulnerability was discovered in the file upload feature of netease-youdao/qanything version v2.0.0. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this vulnerability by sending a large...

CVE-2024-12864

CVE-2024-12864 : DoS in the file upload feature of netease-youdao/qanything v2.0.0 caused by improper handling of form-data with a large filename. An unauthenticated attacker can trigger requests with oversized filenames, exhausting server resources and making the service unavailable. Multiple co...

CVE-2025-0191 Denial of Service in gaizhenbiao/chuanhuchatgpt

A Denial of Service DoS vulnerability exists in the file upload feature of gaizhenbiao/chuanhuchatgpt version 20240914. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sending a payload with an excessively large filename, the server...

CVE-2025-0191 Denial of Service in gaizhenbiao/chuanhuchatgpt

A Denial of Service DoS vulnerability exists in the file upload feature of gaizhenbiao/chuanhuchatgpt version 20240914. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sending a payload with an excessively large filename, the server...

CVE-2025-0191

CVE-2025-0191 affects gaizhenbiao/chuanhuchatgpt (v20240914). The DoS arises from improper handling of form-data with an oversized filename in the file-upload function. A payload with a very large filename can overwhelm the server, making it unresponsive and unavailable to legitimate users. The C...

CVE-2025-0187 Denial of Service (DoS) by Sending Large Filename at File Upload Endpoint in gradio-app/gradio

A Denial of Service DoS vulnerability was discovered in the file upload feature of gradio-app/gradio version 0.39.1. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sending a payload with an excessively large filename, the server...

CVE-2025-0187 Denial of Service (DoS) by Sending Large Filename at File Upload Endpoint in gradio-app/gradio

A Denial of Service DoS vulnerability was discovered in the file upload feature of gradio-app/gradio version 0.39.1. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sending a payload with an excessively large filename, the server...

CVE-2025-0187

The CVE-2025-0187 concerns gradio-app/gradio 0.39.1, where the file upload endpoint mishandles form-data with an excessively large filename. This causes a DoS by overwhelming the server, leading to unavailability for legitimate users. The vulnerability is tied to the /upload handling and results ...

CVE-2024-11033 Denial of Service (DoS) in binary-husky/gpt_academic

A Denial of Service DoS vulnerability exists in the file upload feature of binary-husky/gptacademic version 3.83. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this vulnerability by sending a payload with an...

CVE-2024-11033

CVE-2024-11033 affects binary-husky/gpt_academic v3.83, where the file upload feature mishandles form-data with an excessively large filename. Reported impact is a DoS, making the server unavailable for legitimate users due to resource exhaustion. The available connected documents confirm the aff...

CVE-2024-10833

CVE-2024-10833 affects eosphoros-ai/db-gpt v0.6.0. The vulnerability is an absolute path traversal in the knowledge API’s file upload endpoint (knowledge/{space_name}/document/upload), where the user-controllable parameter doc_file.filename enables arbitrary file writes to locations on the target...

CVE-2024-8019 Arbitrary File Write/Overwrite in lightning-ai/pytorch-lightning

In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the LightningApp when running on a Windows host. The vulnerability occurs at the /api/v1/uploadfile/ endpoint, allowing an attacker to write or overwrite arbitrary files by providing a crafted filename. This can lead to...

PT-2025-12119 · Unknown · Imartinez/Privategpt

Name of the Vulnerable Software and Affected Versions: imartinez/privategpt version v0.6.2 Description: A Denial of Service DoS vulnerability exists in the file upload feature. The issue is due to improper handling of form-data with a large filename in the file upload request. An attacker can...

Open WebUI 路径遍历漏洞

Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from Open WebUI open source. A path traversal vulnerability exists in Open WebUI version 0.3.8, which stems from improper handling of filenames in the /models/upload endpoint, which could lead to arbitrary file writes...

FlatPress 跨站脚本漏洞

FlatPress is a lightweight, easy-to-setup flat file blogging engine from the FlatPress open source. A cross-site scripting vulnerability exists in FlatPress, which stems from a JavaScript payload masquerading as a filename in the file upload function, which could lead to a cross-site scripting...

PT-2025-12090 · Unknown · Binary-Husky/Gpt Academic

Name of the Vulnerable Software and Affected Versions: binary-husky/gpt academic version 3.83 Description: A Denial of Service DoS vulnerability exists in the file upload feature due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this b...