30 matches found
EUVD-2026-38515
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.0.19, an attacker can send a /api/v1/files/upload/ request without any authentication token/cookies and abuse a very long multipart form boundary to make the langflow app unusable for all users for an...
EUVD-2025-7049
Malicious code in bioql PyPI...
EUVD-2024-47076
Malicious code in bioql PyPI...
CLSA-2025-1758102713 nodejs: Fix of CVE-2025-22150
CVE-2025-22150: fix issue where undici used Math.random to choose boundary for multipart/form-data request, now uses secure random number generator...
PT-2025-30624
Name of the Vulnerable Software and Affected Versions: Axios version 1.10.0 Description: A flaw in the form-data package, used by Axios, allows attackers to predict multipart boundaries, potentially leading to HTTP parameter pollution and injection. Recommendations: Update to version 1.11.0...
Denial Of Service (DoS)
openwebui is vulnerable to Denial of Service (DoS). The vulnerability is due to the application's processing of multipart boundaries without authentication, allowing attackers to manipulate boundary parsing and exhaust system resources...
CVE-2025-1451
A vulnerability in parisneo/lollms-webui v13 arises from the server's handling of multipart boundaries in file uploads. The server does not limit or validate the length of the boundary or the characters appended to it, allowing an attacker to craft requests with excessively long boundaries, leadi...
CVE-2024-10935
automatic1111/stable-diffusion-webui version 1.10.0 contains a vulnerability where the server fails to handle excessive characters appended to the end of multipart boundaries. This flaw can be exploited by sending malformed multipart requests with arbitrary characters at the end of the boundary,...
CVE-2024-8736
A Denial of Service (DoS) vulnerability exists in multiple file upload endpoints of parisneo/lollms-webui version V12 Strawberry. The vulnerability can be exploited remotely via Cross-Site Request Forgery (CSRF). Despite CSRF protection preventing file uploads, the application still processes multipa...
Open WebUI Unauthenticated Multipart Boundary Denial of Service (DoS) Vulnerability
A Denial of Service (DoS) vulnerability exists in open-webui/open-webui version 0.3.21. This vulnerability affects multiple endpoints, including /ollama/models/upload, /audio/api/v1/transcriptions, and /rag/api/v1/doc. The application processes multipart boundaries without authentication, leading t...
CVE-2025-1451
A vulnerability in parisneo/lollms-webui v13 arises from the server's handling of multipart boundaries in file uploads. The server does not limit or validate the length of the boundary or the characters appended to it, allowing an attacker to craft requests with excessively long boundaries, leadi...
CVE-2024-10907
In lm-sys/fastchat Release v0.2.36, the server fails to handle excessive characters appended to the end of multipart boundaries. This flaw can be exploited by sending malformed multipart requests with arbitrary characters at the end of the boundary. Each extra character is processed in an infinit...
CVE-2025-1451 Insufficient Patch Leading to DoS in parisneo/lollms-webui
A vulnerability in parisneo/lollms-webui v13 arises from the server's handling of multipart boundaries in file uploads. The server does not limit or validate the length of the boundary or the characters appended to it, allowing an attacker to craft requests with excessively long boundaries, leadi...
CVE-2025-1451
CVE-2025-1451 affects parisneo/lollms-webui v13. The vulnerability stems from the server’s handling of multipart boundaries in file uploads: there is no limit/validation on boundary length or appended characters, allowing requests with excessively long boundaries that cause resource exhaustion an...
LiteLLM Resource Management Error Vulnerability
LiteLLM is an open source application from Berri AI. All LLM APIs can be called using the OpenAI format. A resource management error vulnerability exists in LiteLLM v1.44.5 that stems from not properly handling multi-part boundaries, which could lead to a denial of service attack...
BentoML Resource Management Error Vulnerability
BentoML is an open source modeling service library from BentoML Open Source. It is used to build high-performance and scalable AI applications using Python. A resource management error vulnerability exists in BentoML v1.3.4post1, which stems from not properly handling multi-part boundaries and...
PrivateGPT Resource Management Error Vulnerability
PrivateGPT is an AI project open-sourced by Zylon. A resource management error vulnerability exists in PrivateGPT version 0.5.0, which stems from improper handling of multi-part boundaries when uploading a file, which could lead to a denial of service...
Danswer Resource Management Error Vulnerability
Danswer is an open source artificial intelligence assistant from Danswer AI that connects to company documents, applications and people. A resource management error vulnerability exists in Danswer version v0.3.94, which stems from the fact that uploading a file with malformed multi-part boundaries may...
Gradio Security Vulnerability
Gradio, an open source Python library from Gradio Open Source, is a method for demonstrating machine learning models through a friendly web interface. A security vulnerability exists in Gradio that stems from the failure to properly handle multi-part boundaries during file uploads, which could le...