25 matches found
EUVD-2024-47076
Malicious code in bioql PyPI...
EUVD-2025-7049
Malicious code in bioql PyPI...
CLSA-2025-1758102713 nodejs: Fix of CVE-2025-22150
CVE-2025-22150: fix issue where undici used Math.random to choose boundary for multipart/form-data request, now uses secure random number generator...
PT-2025-30624
Name of the Vulnerable Software and Affected Versions: Axios version 1.10.0 Description: A flaw in the form-data package, used by Axios, allows attackers to predict multipart boundaries, potentially leading to HTTP parameter pollution and injection. Recommendations: Update to version 1.11.0...
Denial Of Service (DoS)
openwebui is vulnerable to Denial of Service (DoS). The vulnerability is due to the application's processing of multipart boundaries without authentication, allowing attackers to manipulate boundary parsing and exhaust system resources...
CVE-2025-1451
A vulnerability in parisneo/lollms-webui v13 arises from the server's handling of multipart boundaries in file uploads. The server does not limit or validate the length of the boundary or the characters appended to it, allowing an attacker to craft requests with excessively long boundaries, leadi...
CVE-2024-10935
automatic1111/stable-diffusion-webui version 1.10.0 contains a vulnerability where the server fails to handle excessive characters appended to the end of multipart boundaries. This flaw can be exploited by sending malformed multipart requests with arbitrary characters at the end of the boundary,...
CVE-2024-8736
A Denial of Service (DoS) vulnerability exists in multiple file upload endpoints of parisneo/lollms-webui version V12 Strawberry. The vulnerability can be exploited remotely via Cross-Site Request Forgery (CSRF). Despite CSRF protection preventing file uploads, the application still processes multipa...
Open WebUI Unauthenticated Multipart Boundary Denial of Service (DoS) Vulnerability
A Denial of Service (DoS) vulnerability exists in open-webui/open-webui version 0.3.21. This vulnerability affects multiple endpoints, including /ollama/models/upload, /audio/api/v1/transcriptions, and /rag/api/v1/doc. The application processes multipart boundaries without authentication, leading t...
CVE-2024-10907
In lm-sys/fastchat Release v0.2.36, the server fails to handle excessive characters appended to the end of multipart boundaries. This flaw can be exploited by sending malformed multipart requests with arbitrary characters at the end of the boundary. Each extra character is processed in an infinit...
CVE-2025-1451 Insufficient Patch Leading to DoS in parisneo/lollms-webui
A vulnerability in parisneo/lollms-webui v13 arises from the server's handling of multipart boundaries in file uploads. The server does not limit or validate the length of the boundary or the characters appended to it, allowing an attacker to craft requests with excessively long boundaries, leadi...
PT-2025-12241 · Unknown · Parisneo/Lollms-Webui
Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui version V12 Strawberry Description: A Denial of Service (DoS) issue exists due to the application's handling of multipart boundaries in file upload endpoints. Despite CSRF protection, the server processes these boundaries,...
BentoML resource management error vulnerability
BentoML is an open source modeling service library from BentoML Open Source. It is used to build high-performance and scalable AI applications using Python. A resource management error vulnerability exists in BentoML v1.3.4post1, which stems from not properly handling multi-part boundaries and...
LiteLLM resource management error vulnerability
LiteLLM is an open source application from Berri AI. All LLM APIs can be called using the OpenAI format. A resource management error vulnerability exists in LiteLLM v1.44.5 that stems from not properly handling multi-part boundaries, which could lead to a denial of service attack...
Gradio security vulnerability
Gradio, an open source Python library from Gradio Open Source, is a method for demonstrating machine learning models through a friendly web interface. A security vulnerability exists in Gradio that stems from the failure to properly handle multi-part boundaries during file uploads, which could le...
GHSA-C76H-2CCP-4975 Use of Insufficiently Random Values in undici
Impact Undici fetch uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled websit...
DEBIAN-CVE-2025-22150
Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...
AZL-55931 CVE-2025-22150 affecting package nodejs18 for versions less than 18.20.3-3
Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...
UBUNTU-CVE-2025-22150
Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...