Total
3389 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-46392 | 1 Apache | 1 Commons Configuration | 2025-07-16 | 6.5 Medium |
| Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x. There are a number of issues in Apache Commons Configuration 1.x that allow excessive resource consumption when loading untrusted configurations or using unexpected usage patterns. The Apache Commons Configuration team does not intend to fix these issues in 1.x. Apache Commons Configuration 1.x is still safe to use in scenario's where you only load trusted configurations. Users that load untrusted configurations or give attackers control over usage patterns are recommended to upgrade to the 2.x version line, which fixes these issues. Apache Commons Configuration 2.x is not a drop-in replacement, but as it uses a separate Maven groupId and Java package namespace they can be loaded side-by-side, making it possible to do a gradual migration. | ||||
| CVE-2025-24294 | 2025-07-16 | 7.5 High | ||
| The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting length of the name. This resource consumption can cause the application thread to become unresponsive, resulting in a Denial of Service condition. | ||||
| CVE-2024-10714 | 1 Binary-husky | 1 Gpt Academic | 2025-07-15 | N/A |
| A vulnerability in binary-husky/gpt_academic version 3.83 allows an attacker to cause a Denial of Service (DoS) by adding excessive characters to the end of a multipart boundary during file upload. This results in the server continuously processing each character and displaying warnings, rendering the application inaccessible. The issue occurs when the terminal shows a warning: 'multipart.multipart Consuming a byte '0x2d' in end state'. | ||||
| CVE-2024-11172 | 1 Librechat | 1 Librechat | 2025-07-15 | N/A |
| A vulnerability in danny-avila/librechat version git a1647d7 allows an unauthenticated attacker to cause a denial of service by sending a crafted payload to the server. The middleware `checkBan` is not surrounded by a try-catch block, and an unhandled exception will cause the server to crash. This issue is fixed in version 0.7.6. | ||||
| CVE-2024-7768 | 2 H2o, H2oai | 2 H2o, H2o-3 | 2025-07-15 | N/A |
| A vulnerability in the `/3/ImportFiles` endpoint of h2oai/h2o-3 version 3.46.1 allows an attacker to cause a denial of service. The endpoint takes a single GET parameter, `path`, which can be recursively set to reference itself. This leads the server to repeatedly call its own endpoint, eventually filling up the request queue and leaving the server unable to handle other requests. | ||||
| CVE-2024-5216 | 1 Mintplexlabs | 1 Anythingllm | 2025-07-15 | N/A |
| A vulnerability in mintplex-labs/anything-llm allows for a Denial of Service (DoS) condition due to uncontrolled resource consumption. Specifically, the issue arises from the application's failure to limit the size of usernames, enabling attackers to create users with excessively bulky texts in the username field. This exploit results in the user management panel becoming unresponsive, preventing administrators from performing critical user management actions such as editing, suspending, or deleting users. The impact of this vulnerability includes administrative paralysis, compromised security, and operational disruption, as it allows malicious users to perpetuate their presence within the system indefinitely, undermines the system's security posture, and degrades overall system performance. | ||||
| CVE-2024-8018 | 2 Imartinez, Pribai | 2 Imartinez Privategpt, Privategpt | 2025-07-15 | N/A |
| A vulnerability in imartinez/privategpt version 0.5.0 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process these characters, rendering privateGPT inaccessible. This uncontrolled resource consumption can lead to prolonged unavailability of the service, disrupting operations and causing potential data inaccessibility and loss of productivity. | ||||
| CVE-2024-7771 | 1 Mintplexlabs | 1 Anythingllm | 2025-07-15 | N/A |
| A vulnerability in the Dockerized version of mintplex-labs/anything-llm (latest, digest 1d9452da2b92) allows for a denial of service. Uploading an audio file with a very low sample rate causes the functionality responsible for transcribing it to crash the entire site instance. The issue arises from the localWhisper implementation, where resampling the audio file from 1 Hz to 16000 Hz quickly exceeds available memory, leading to the Docker instance being killed by the instance manager. | ||||
| CVE-2024-8984 | 2 Berriai, Litellm | 2 Litellm, Litellm | 2025-07-15 | N/A |
| A Denial of Service (DoS) vulnerability exists in berriai/litellm version v1.44.5. This vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. The server continuously processes each character, leading to excessive resource consumption and rendering the service unavailable. The issue is unauthenticated and does not require any user interaction, impacting all users of the service. | ||||
| CVE-2024-5979 | 2 H2o, H2oai | 2 H2o, H2o-3 | 2025-07-15 | N/A |
| In h2oai/h2o-3 version 3.46.0, the `run_tool` command in the `rapids` component allows the `main` function of any class under the `water.tools` namespace to be called. One such class, `MojoConvertTool`, crashes the server when invoked with an invalid argument, causing a denial of service. | ||||
| CVE-2024-6090 | 1 Gaizhenbiao | 1 Chuanhuchatgpt | 2025-07-15 | N/A |
| A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410, allowing any user to delete other users' chat histories. This vulnerability can also be exploited to delete any files ending in `.json` on the target system, leading to a denial of service as users are unable to authenticate. | ||||
| CVE-2025-53371 | 2025-07-15 | 9.1 Critical | ||
| DiscordNotifications is an extension for MediaWiki that sends notifications of actions in your Wiki to a Discord channel. DiscordNotifications allows sending requests via curl and file_get_contents to arbitrary URLs set via $wgDiscordIncomingWebhookUrl and $wgDiscordAdditionalIncomingWebhookUrls. This allows for DOS by causing the server to read large files. SSRF is also possible if there are internal unprotected APIs that can be accessed using HTTP POST requests, which could also possibly lead to RCE. This vulnerability is fixed in commit 1f20d850cbcce5b15951c7c6127b87b927a5415e. | ||||
| CVE-2024-6036 | 1 Gaizhenbiao | 1 Chuanhuchatgpt | 2025-07-15 | 9.1 Critical |
| A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to restart the server at will by sending a specific request to the `/queue/join?` endpoint with `"fn_index":66`. This unrestricted server restart capability can severely disrupt service availability, cause data loss or corruption, and potentially compromise system integrity. | ||||
| CVE-2024-6037 | 1 Gaizhenbiao | 1 Chuanhuchatgpt | 2025-07-15 | 9.1 Critical |
| A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows an attacker to create arbitrary folders at any location on the server, including the root directory (C: dir). This can lead to uncontrolled resource consumption, resulting in resource exhaustion, denial of service (DoS), server unavailability, and potential data loss or corruption. | ||||
| CVE-2025-53636 | 2025-07-15 | 5.4 Medium | ||
| Open OnDemand is an open-source HPC portal. Users can flood logs by interacting with the shell app and generating many errors. Users who flood logs can create very large log files causing a Denial of Service (DoS) to the ondemand system. This vulnerability is fixed in 3.1.14 and 4.0.6. | ||||
| CVE-2025-7579 | 2025-07-15 | 4.3 Medium | ||
| A vulnerability was found in chinese-poetry 0.1. It has been rated as problematic. This issue affects some unknown processing of the file rank/server.js. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-29957 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-15 | 6.2 Medium |
| Uncontrolled resource consumption in Windows Deployment Services allows an unauthorized attacker to deny service locally. | ||||
| CVE-2025-29954 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-07-15 | 5.9 Medium |
| Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2025-26677 | 1 Microsoft | 5 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 2 more | 2025-07-15 | 7.5 High |
| Uncontrolled resource consumption in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2024-9437 | 1 Superagi | 1 Superagi | 2025-07-14 | N/A |
| SuperAGI version v0.0.14 is vulnerable to an unauthenticated Denial of Service (DoS) attack. The vulnerability exists in the resource upload request, where appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request causes the server to continuously process each character. This leads to excessive resource consumption and renders the service unavailable. The issue is unauthenticated and does not require any user interaction, impacting all users of the service. | ||||