CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-8984 |
Description: A Denial of Service (DoS) vulnerability exists in berriai/litellm version v1.44.5. This vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. The server continuously processes each character, leading to excessive resource consumption and rendering the service unavailable. The issue is unauthenticated and does not require any user interaction, impacting all users of the service.
CVSS: HIGH (7.5) EPSS Score: 0.06%
March 20th, 2025 (4 months ago)
|
|
CVE-2024-8966 |
Description: A vulnerability in the file upload process of gradio-app/gradio version @gradio/[email protected] allows for a Denial of Service (DoS) attack. An attacker can append a large number of characters to the end of a multipart boundary, causing the system to continuously process each character and issue warnings. This can render Gradio inaccessible for extended periods, disrupting services and causing significant downtime.
CVSS: HIGH (7.5) EPSS Score: 0.05%
March 20th, 2025 (4 months ago)
|
|
CVE-2024-8958 |
Description: In composiohq/composio version 0.4.3, there is an unrestricted file write and read vulnerability in the filetools actions. Due to improper validation of file paths, an attacker can read and write files anywhere on the server, potentially leading to privilege escalation or remote code execution.
CVSS: HIGH (7.2) EPSS Score: 0.35%
March 20th, 2025 (4 months ago)
|
|
CVE-2024-8953 |
Description: In composiohq/composio version 0.4.3, the mathematical_calculator endpoint uses the unsafe eval() function to perform mathematical operations. This can lead to arbitrary code execution if untrusted input is passed to the eval() function.
CVSS: HIGH (7.2) EPSS Score: 0.09%
March 20th, 2025 (4 months ago)
|
|
CVE-2024-8859 |
Description: A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. When users configure and use the dbfs service, concatenating the URL directly into the file protocol results in an arbitrary file read vulnerability. This issue occurs because only the path part of the URL is checked, while parts such as query and parameters are not handled. The vulnerability is triggered if the user has configured the dbfs service, and during usage, the service is mounted to a local directory.
CVSS: HIGH (7.5) EPSS Score: 18.01%
March 20th, 2025 (4 months ago)
|
|
CVE-2024-8789 |
Description: Lunary-ai/lunary version git 105a3f6 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. The application allows users to upload their own regular expressions, which are then executed on the server side. Certain regular expressions can have exponential runtime complexity relative to the input size, leading to potential denial of service. An attacker can exploit this by submitting a specially crafted regular expression, causing the server to become unresponsive for an arbitrary length of time.
CVSS: HIGH (7.5) EPSS Score: 0.05%
March 20th, 2025 (4 months ago)
|
|
CVE-2024-8765 |
Description: In lunary-ai/lunary, the privilege check mechanism is flawed in version git afc5df4. The system incorrectly identifies certain endpoints as public if the path contains '/auth/' anywhere within it. This allows unauthenticated attackers to access sensitive endpoints by including '/auth/' in the path. As a result, attackers can obtain and modify sensitive data and utilize other organizations' resources without proper authentication.
CVSS: HIGH (7.3) EPSS Score: 0.1%
March 20th, 2025 (4 months ago)
|
|
CVE-2024-8764 |
Description: A vulnerability in lunary-ai/lunary, as of commit be54057, allows users to upload and execute arbitrary regular expressions on the server side. This can lead to a Denial of Service (DoS) condition, as certain regular expressions can cause excessive resource consumption, blocking the server from processing other requests.
CVSS: HIGH (7.5) EPSS Score: 0.05%
March 20th, 2025 (4 months ago)
|
|
CVE-2024-8763 |
Description: A Regular Expression Denial of Service (ReDoS) vulnerability exists in the lunary-ai/lunary repository, specifically in the compileTextTemplate function. The affected version is git be54057. An attacker can exploit this vulnerability by manipulating the regular expression /{{(.*?)}}/g, causing the server to hang indefinitely and become unresponsive to any requests. This is due to the regular expression's susceptibility to second-degree polynomial time complexity, which can be triggered by a large number of braces in the input.
CVSS: HIGH (7.5) EPSS Score: 0.05%
March 20th, 2025 (4 months ago)
|
|
CVE-2024-8736 |
Description: A Denial of Service (DoS) vulnerability exists in multiple file upload endpoints of parisneo/lollms-webui version V12 (Strawberry). The vulnerability can be exploited remotely via Cross-Site Request Forgery (CSRF). Despite CSRF protection preventing file uploads, the application still processes multipart boundaries, leading to resource exhaustion. By appending additional characters to the multipart boundary, an attacker can cause the server to parse each byte of the boundary, ultimately leading to service unavailability. This vulnerability is present in the `/upload_avatar`, `/upload_app`, and `/upload_logo` endpoints.
CVSS: HIGH (7.1) EPSS Score: 0.02%
March 20th, 2025 (4 months ago)
|