CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-10714 |
Description: A vulnerability in binary-husky/gpt_academic version 3.83 allows an attacker to cause a Denial of Service (DoS) by adding excessive characters to the end of a multipart boundary during file upload. This results in the server continuously processing each character and displaying warnings, rendering the application inaccessible. The issue occurs when the terminal shows a warning: 'multipart.multipart Consuming a byte '0x2d' in end state'.
CVSS: HIGH (7.5) EPSS Score: 0.05%
March 20th, 2025 (4 months ago)
|
|
CVE-2024-10713 |
Description: A vulnerability in szad670401/hyperlpr v3.0 allows for a Denial of Service (DoS) attack. The server fails to handle excessive characters appended to the end of multipart boundaries, regardless of the character used. This flaw can be exploited by sending malformed multipart requests with arbitrary characters at the end of the boundary, leading to excessive resource consumption and a complete denial of service for all users. The vulnerability is unauthenticated, meaning no user login or interaction is required for an attacker to exploit this issue.
CVSS: HIGH (7.5) EPSS Score: 0.06%
March 20th, 2025 (4 months ago)
|
|
CVE-2024-10650 |
Description: An unauthenticated Denial of Service (DoS) vulnerability was identified in ChuanhuChatGPT version 20240918, which could be exploited by sending large data payloads using a multipart boundary. Although a patch was applied for CVE-2024-7807, the issue can still be exploited by sending data in groups with 10 characters in a line, with multiple lines. This can cause the system to continuously process these characters, resulting in prolonged unavailability of the service. The exploitation now requires low privilege if authentication is enabled due to a version upgrade in Gradio.
CVSS: HIGH (7.5) EPSS Score: 0.09%
March 20th, 2025 (4 months ago)
|
|
CVE-2024-10648 |
Description: A path traversal vulnerability exists in the Gradio Audio component of gradio-app/gradio, as of version git 98cbcae. This vulnerability allows an attacker to control the format of the audio file, leading to arbitrary file content deletion. By manipulating the output format, an attacker can reset any file to an empty file, causing a denial of service (DOS) on the server.
CVSS: HIGH (8.2) EPSS Score: 0.08%
March 20th, 2025 (4 months ago)
|
|
CVE-2024-10624 |
Description: A Regular Expression Denial of Service (ReDoS) vulnerability exists in the gradio-app/gradio repository, affecting the gr.Datetime component. The affected version is git commit 98cbcae. The vulnerability arises from the use of a regular expression `^(?:\s*now\s*(?:-\s*(\d+)\s*([dmhs]))?)?\s*$` to process user input. In Python's default regex engine, this regular expression can take polynomial time to match certain crafted inputs. An attacker can exploit this by sending a crafted HTTP request, causing the gradio process to consume 100% CPU and potentially leading to a Denial of Service (DoS) condition on the server.
CVSS: HIGH (7.5) EPSS Score: 0.73%
March 20th, 2025 (4 months ago)
|
|
CVE-2024-10572 |
Description: In h2oai/h2o-3 version 3.46.0.1, the `run_tool` command exposes classes in the `water.tools` package through the `ast` parser. This includes the `XGBoostLibExtractTool` class, which can be exploited to shut down the server and write large files to arbitrary directories, leading to a denial of service.
CVSS: HIGH (7.5) EPSS Score: 0.06%
March 20th, 2025 (4 months ago)
|
|
CVE-2024-10569 |
Description: A vulnerability in the dataframe component of gradio-app/gradio (version git 98cbcae) allows for a zip bomb attack. The component uses pd.read_csv to process input values, which can accept compressed files. An attacker can exploit this by uploading a maliciously crafted zip bomb, leading to a server crash and causing a denial of service.
CVSS: HIGH (7.5) EPSS Score: 0.06%
March 20th, 2025 (4 months ago)
|
|
CVE-2024-10550 |
Description: A vulnerability in the `/3/ParseSetup` endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack. The endpoint applies a user-specified regular expression to a user-controllable string. This can be exploited by an attacker to cause inefficient regular expression complexity, leading to the exhaustion of server resources and making the server unresponsive.
CVSS: HIGH (7.5) EPSS Score: 0.06%
March 20th, 2025 (4 months ago)
|
|
CVE-2024-10549 |
Description: A vulnerability in the `/3/Parse` endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack. The endpoint uses a user-specified string to construct a regular expression, which is then applied to another user-specified string. By sending multiple simultaneous requests, an attacker can exhaust all available threads, leading to a complete denial of service.
CVSS: HIGH (7.5) EPSS Score: 0.06%
March 20th, 2025 (4 months ago)
|
|
CVE-2024-10513 |
Description: A path traversal vulnerability exists in the 'document uploads manager' feature of mintplex-labs/anything-llm, affecting the latest version prior to 1.2.2. This vulnerability allows users with the 'manager' role to access and manipulate the 'anythingllm.db' database file. By exploiting the vulnerable endpoint '/api/document/move-files', an attacker can move the database file to a publicly accessible directory, download it, and subsequently delete it. This can lead to unauthorized access to sensitive data, privilege escalation, and potential data loss.
CVSS: HIGH (7.2) EPSS Score: 0.08%
March 20th, 2025 (4 months ago)
|