CVE-2024-9229
A Denial of Service (DoS) vulnerability in the file upload feature of stangirard/quivr v0.0.298 allows unauthenticated attackers to cause excessive resource consumption by appending characters to the end of a multipart boundary in an HTTP request. This leads to the server continuously processing ea...
CVE-2024-9597
A Path Traversal vulnerability exists in the /wipedatabase endpoint of parisneo/lollms version v12, allowing an attacker to delete any directory on the system. The vulnerability arises from improper validation of the key parameter, which is used to construct file paths. An attacker can exploit th...
CVE-2024-9056
BentoML version v1.3.4post1 is vulnerable to a Denial of Service (DoS) attack. The vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. This causes the server to continuously process each character, leading to excessive...
CVE-2024-8984
A Denial of Service (DoS) vulnerability exists in berriai/litellm version v1.44.5. This vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. The server continuously processes each character, leading to excessive resource...
GHSA-HW8J-HW49-752C BentoML Denial of Service (DoS) via Multipart Boundary
BentoML version v1.3.4post1 is vulnerable to a Denial of Service (DoS) attack. The vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. This causes the server to continuously process each character, leading to excessive...
BentoML Denial of Service (DoS) via Multipart Boundary
BentoML version v1.3.4post1 is vulnerable to a Denial of Service (DoS) attack. The vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. This causes the server to continuously process each character, leading to excessive...
LiteLLM Vulnerable to Denial of Service (DoS) via Crafted HTTP Request
A Denial of Service (DoS) vulnerability exists in berriai/litellm version v1.44.5. This vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. The server continuously processes each character, leading to excessive resource...
GHSA-FH2C-86XM-PM2X LiteLLM Vulnerable to Denial of Service (DoS) via Crafted HTTP Request
A Denial of Service (DoS) vulnerability exists in berriai/litellm version v1.44.5. This vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. The server continuously processes each character, leading to excessive resource...
HTTP Request Smuggling
Overview: gunicorn is a Python WSGI HTTP Server for UNIX. Affected versions of this package are vulnerable to HTTP Request Smuggling due to improper validation of the Transfer-Encoding header. An attacker can manipulate session data, poison caches, or compromise data integrity by exploiting the...
Gunicorn HTTP Request/Response Smuggling vulnerability
Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data...
GHSA-HC5X-X2VX-497G Gunicorn HTTP Request/Response Smuggling vulnerability
Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data...
BentoML vulnerable to Uncontrolled Resource Consumption
In bentoml/bentoml version 1.3.9, the /login endpoint of the newly integrated Gradio app is vulnerable to a Denial of Service (DoS) attack. This vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. The server continuously...
GHSA-RVGH-PR46-X7GG Gradio Vulnerable to Denial of Service (DoS) via Crafted HTTP Request
A Regular Expression Denial of Service (ReDoS) vulnerability exists in the gradio-app/gradio repository, affecting the gr.Datetime component. The affected version is git commit 98cbcae. The vulnerability arises from the use of a regular expression ^?:\snow\s?:-\s\d+\sdmhs??\s$ to process user input...
Gradio Vulnerable to Denial of Service (DoS) via Crafted HTTP Request
A Regular Expression Denial of Service (ReDoS) vulnerability exists in the gradio-app/gradio repository, affecting the gr.Datetime component. The affected version is git commit 98cbcae. The vulnerability arises from the use of a regular expression ^?:\snow\s?:-\s\d+\sdmhs??\s$ to process user input...
[SECURITY] [DLA 4088-1] php7.4 security update
Debian LTS Advisory DLA-4088-1; https://www.debian.org/lts/security/; Guilhem Moulin; March 20, 2025; https://wiki.debian.org/LTS; Package: php7.4; Version: 7.4.33-1+deb11u8; CVE ID: CVE-2025-1217 CVE-2025-1219 CVE-2025-1734 CVE-2025-1736 CVE-2025-1861; Multiple security...
CVE-2024-10264
HTTP Request Smuggling vulnerability in netease-youdao/qanything version 1.4.1 allows attackers to exploit inconsistencies in the interpretation of HTTP requests between a proxy and a server. This can lead to unauthorized access, bypassing security controls, session hijacking, data leakage, and...
CVE-2024-10047
parisneo/lollms-webui versions v9.9 to the latest are vulnerable to a directory listing vulnerability. An attacker can list arbitrary directories on a Windows system by sending a specially crafted HTTP request to the /openfile endpoint...