1889 matches found
CVE-2024-9840
A Denial of Service (DoS) vulnerability exists in open-webui/open-webui version 0.3.21. This vulnerability affects multiple endpoints, including /ollama/models/upload, /audio/api/v1/transcriptions, and /rag/api/v1/doc. The application processes multipart boundaries without authentication, leading t...
Denial of Service (DoS)
Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Denial of Service (DoS) via the endpoint for converting markdown. An attacker can cause the server to spend excessive time on processing, rendering it unresponsive to other requests until the conversion is...
GHSA-V464-R2R9-WWW7 Ollama Vulnerable to Denial of Service (DoS) via Crafted GZIP
An Out-Of-Memory (OOM) vulnerability exists in the ollama server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP response, leading to the ollama server crashing. The vulnerability is present in the makeRequestWithRetry and...
Ollama Vulnerable to Denial of Service (DoS) via Crafted GZIP
An Out-Of-Memory (OOM) vulnerability exists in the ollama server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP response, leading to the ollama server crashing. The vulnerability is present in the makeRequestWithRetry and...
CVE-2024-12886
An Out-Of-Memory (OOM) vulnerability exists in the ollama server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP response, leading to the ollama server crashing. The vulnerability is present in the makeRequestWithRetry and...
CVE-2024-12886 Out-Of-Memory (OOM) Vulnerability in ollama/ollama
An Out-Of-Memory (OOM) vulnerability exists in the ollama server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP response, leading to the ollama server crashing. The vulnerability is present in the makeRequestWithRetry and...
CVE-2024-12886
CVE-2024-12886 affects ollama/ollama up to version 0.3.14 with an Out-Of-Memory (OOM) DoS when a gzip bomb is processed. The root cause is reading the response body via io.ReadAll in makeRequestWithRetry and getAuthorizationToken, leading to excessive memory usage and crash. Multiple sources (NVD...
CVE-2024-9840
CVE-2024-9840 is a duplicate of CVE-2024-53981 (per the initial description). Connected data confirms CVE-2024-53981 describes a vulnerability in python-multipart (a streaming multipart parser) with a DoS risk when parsing form data; fixed in version 0.0.18. There is no separate active entry for ...
Advisory ROSA-SA-2025-2786
Software: kernel-6.1 6.1.128; OS: ROSA-CHROME; packageevrstring: kernel-6.1-generic-6.1.128-1; CVE-ID: CVE-2024-27397; BDU-ID: 2025-00432; CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the nftables netfilter component of the Linux operating system kernel is related to memory usage after it has been...
CVE-2025-29786
A flaw was found in Expr. This vulnerability allows excessive memory usage and potential out-of-memory (OOM) crashes via unbounded input strings, where a malicious or inadvertent large expression can cause the parser to construct an extremely large Abstract Syntax Tree (AST), consuming excessive...
CVE-2025-29786
Expr is an expression language and expression evaluation for Go. Prior to version 1.17.0, if the Expr expression parser is given an unbounded input string, it will attempt to compile the entire string and generate an Abstract Syntax Tree (AST) node for each part of the expression. In scenarios wher...
CVE-2025-29786 Memory Exhaustion in Expr Parser with Unrestricted Input
Expr is an expression language and expression evaluation for Go. Prior to version 1.17.0, if the Expr expression parser is given an unbounded input string, it will attempt to compile the entire string and generate an Abstract Syntax Tree (AST) node for each part of the expression. In scenarios wher...
CVE-2025-29786
CVE-2025-29786 concerns the Expr expression parser (Go). Prior to 1.17.0, unbounded input can cause the parser to build an excessively large AST, leading to high memory usage or an OOM crash. The issue is mitigated by a patch in 1.17.0 that enforces node budget and memory limits during parsing. R...
Moderate: Red Hat Security Advisory: ACS 4.7 enhancement and security update
Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes new features and security and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base...
PT-2025-11483
Name of the Vulnerable Software and Affected Versions: Expr versions prior to 1.17.0. Description: The issue arises when the Expr expression parser is given an unbounded input string, causing it to attempt to compile the entire string and generate an Abstract Syntax Tree (AST) node for each part of th...
Linux 5.6 Cred Refcount Overflow
Linux 5.6 suffers from a cred refcount overflow at approximately 39 gigs of memory usage via io_uring. See also my related prior bug reports about overflowing refcounts with lots of RAM usage: https://crbug.com/project-zero/809: BPF program refcount, with 32GiB RAM...
SUSE CVE-2025-27421
Abacus is a highly scalable and stateless counting API. A critical goroutine leak vulnerability has been identified in the Abacus server's Server-Sent Events (SSE) implementation. The issue occurs when clients disconnect from the /stream endpoint, as the server fails to properly clean up resources...