Lucene search

30 matches found

EUVD
added 2026/06/23 4:26 p.m. | 7 views

EUVD-2026-38515

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.0.19, an attacker can send a /api/v1/files/upload/ request without any authentication token/cookies and abuse a very long multipart form boundary to make the langflow app unusable for all users for an...

CVSS 7.5 | AI score 5.9 | EPSS 0.00321
Exploits: 1 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2025-7049

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.6 | EPSS 0.00642
Exploits: 1 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2024-47076

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.8 | EPSS 0.01108
Exploits: 0 | References: 1

OSV
added 2025/09/17 9:51 a.m. | 5 views

CLSA-2025-1758102713 nodejs: Fix of CVE-2025-22150

CVE-2025-22150: fix issue where undici used Math.random to choose boundary for multipart/form-data request, now uses secure random number generator...

CVSS 6.8 | AI score 6.7 | EPSS 0.00736
Exploits: 0 | References: 1

Positive Technologies
added 2025/07/23 12:0 a.m. | 4 views

PT-2025-30624

Name of the Vulnerable Software and Affected Versions: Axios version 1.10.0 Description: A flaw in the form-data package, used by Axios, allows attackers to predict multipart boundaries, potentially leading to HTTP parameter pollution and injection. Recommendations: Update to version 1.11.0...

AI score 6.4
Exploits: 0 | References: 6

Veracode
added 2025/03/25 3:31 a.m. | 10 views

Denial Of Service (DoS)

openwebui is vulnerable to Denial of Service (DoS). The vulnerability is due to the application's processing of multipart boundaries without authentication, allowing attackers to manipulate boundary parsing and exhaust system resources...

AI score 7
Exploits: 0 | References: 2 | Affected Software: 2

RedhatCVE
added 2025/03/22 12:43 p.m. | 10 views

CVE-2025-1451

A vulnerability in parisneo/lollms-webui v13 arises from the server's handling of multipart boundaries in file uploads. The server does not limit or validate the length of the boundary or the characters appended to it, allowing an attacker to craft requests with excessively long boundaries, leadi...

CVSS 7.5 | AI score 6.9 | EPSS 0.0059
Exploits: 1 | References: 1

RedhatCVE
added 2025/03/22 12:7 p.m. | 12 views

CVE-2024-10935

automatic1111/stable-diffusion-webui version 1.10.0 contains a vulnerability where the server fails to handle excessive characters appended to the end of multipart boundaries. This flaw can be exploited by sending malformed multipart requests with arbitrary characters at the end of the boundary,...

CVSS 7.5 | AI score 7 | EPSS 0.00765
Exploits: 1 | References: 1

RedhatCVE
added 2025/03/22 11:9 a.m. | 16 views

CVE-2024-8736

A Denial of Service (DoS) vulnerability exists in multiple file upload endpoints of parisneo/lollms-webui version V12 Strawberry. The vulnerability can be exploited remotely via Cross-Site Request Forgery (CSRF). Despite CSRF protection preventing file uploads, the application still processes multipa...

CVSS 7.1 | AI score 7 | EPSS 0.00228
Exploits: 1 | References: 1

Github Security Blog
added 2025/03/20 12:32 p.m. | 13 views

Open WebUI Unauthenticated Multipart Boundary Denial of Service (DoS) Vulnerability

A Denial of Service (DoS) vulnerability exists in open-webui/open-webui version 0.3.21. This vulnerability affects multiple endpoints, including /ollama/models/upload, /audio/api/v1/transcriptions, and /rag/api/v1/doc. The application processes multipart boundaries without authentication, leading t...

CVSS 7.5 | AI score 6.7 | EPSS 0.00644
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2025/03/20 10:15 a.m. | 9 views

CVE-2025-1451

A vulnerability in parisneo/lollms-webui v13 arises from the server's handling of multipart boundaries in file uploads. The server does not limit or validate the length of the boundary or the characters appended to it, allowing an attacker to craft requests with excessively long boundaries, leadi...

CVSS 7.5 | AI score 7.1
Exploits: 0 | References: 1

OSV
added 2025/03/20 10:15 a.m. | 4 views

CVE-2024-10907

In lm-sys/fastchat Release v0.2.36, the server fails to handle excessive characters appended to the end of multipart boundaries. This flaw can be exploited by sending malformed multipart requests with arbitrary characters at the end of the boundary. Each extra character is processed in an infinit...

CVSS 7.5 | AI score 5.8 | EPSS 0.00642
Exploits: 1 | References: 1

Cvelist
added 2025/03/20 10:10 a.m. | 11 views

CVE-2025-1451 Insufficient Patch Leading to DoS in parisneo/lollms-webui

A vulnerability in parisneo/lollms-webui v13 arises from the server's handling of multipart boundaries in file uploads. The server does not limit or validate the length of the boundary or the characters appended to it, allowing an attacker to craft requests with excessively long boundaries, leadi...

CVSS 7.5 | EPSS 0.0059
Exploits: 1 | References: 1

Vulnrichment
added 2025/03/20 10:10 a.m. | 8 views

CVE-2025-1451 Insufficient Patch Leading to DoS in parisneo/lollms-webui

A vulnerability in parisneo/lollms-webui v13 arises from the server's handling of multipart boundaries in file uploads. The server does not limit or validate the length of the boundary or the characters appended to it, allowing an attacker to craft requests with excessively long boundaries, leadi...

CVSS 7.5 | AI score 7.5 | EPSS 0.0059
Exploits: 1 | References: 1

CVE
added 2025/03/20 10:10 a.m. | 63 views

CVE-2025-1451

CVE-2025-1451 affects parisneo/lollms-webui v13. The vulnerability stems from the server’s handling of multipart boundaries in file uploads: there is no limit/validation on boundary length or appended characters, allowing requests with excessively long boundaries that cause resource exhaustion an...

CVSS 7.5 | AI score 6.9 | EPSS 0.0059
Exploits: 1 | References: 1 | Affected Software: 1

CNNVD
added 2025/03/20 12:0 a.m. | 5 views

LiteLLM Resource Management Error Vulnerability

LiteLLM is an open source application from Berri AI. All LLM APIs can be called using the OpenAI format. A resource management error vulnerability exists in LiteLLM v1.44.5 that stems from not properly handling multi-part boundaries, which could lead to a denial of service attack...

CVSS 7.5 | AI score 7.2 | EPSS 0.00792
Exploits: 1 | References: 1

CNNVD
added 2025/03/20 12:0 a.m. | 1 view

BentoML Resource Management Error Vulnerability

BentoML is an open source modeling service library from BentoML Open Source. It is used to build high-performance and scalable AI applications using Python. A resource management error vulnerability exists in BentoML v1.3.4post1, which stems from not properly handling multi-part boundaries and...

CVSS 7.5 | AI score 7.3 | EPSS 0.00664
Exploits: 0 | References: 1

CNNVD
added 2025/03/20 12:0 a.m. | 2 views

PrivateGPT Resource Management Error Vulnerability

PrivateGPT is an AI project open-sourced by Zylon. A resource management error vulnerability exists in PrivateGPT version 0.5.0, which stems from improper handling of multi-part boundaries when uploading a file, which could lead to a denial of service...

CVSS 7.5 | AI score 7.4 | EPSS 0.00588
Exploits: 1 | References: 1

CNNVD
added 2025/03/20 12:0 a.m. | 1 view

Danswer Resource Management Error Vulnerability

Danswer is an open source artificial intelligence assistant from Danswer AI that connects to company documents, applications and people. A resource management error vulnerability exists in Danswer version v0.3.94, which stems from the fact that uploading a file with malformed multi-part boundaries may...

CVSS 7.5 | AI score 7.7 | EPSS 0.00489
Exploits: 0 | References: 1

CNNVD
added 2025/03/20 12:0 a.m. | 4 views

Gradio Security Vulnerability

Gradio, an open source Python library from Gradio Open Source, is a method for demonstrating machine learning models through a friendly web interface. A security vulnerability exists in Gradio that stems from the failure to properly handle multi-part boundaries during file uploads, which could le...

CVSS 7.5 | AI score 7.3 | EPSS 0.00744
Exploits: 1 | References: 1