https://db.gcve.eu/sightings/feed 2026-05-01T03:04:44.732023+00:00 Vulnerability-Lookup info@gcve.eu python-feedgen Contains only the most 10 recent sightings. https://db.gcve.eu/sighting/ebb8ea3e-7501-4162-84c4-0c2de867cfaf/export 2026-05-01T03:04:45.088373+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "ebb8ea3e-7501-4162-84c4-0c2de867cfaf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-8736", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10428", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-8736\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H)\n\ud83d\udd39 Description: A Denial of Service (DoS) vulnerability exists in multiple file upload endpoints of parisneo/lollms-webui version V12 (Strawberry). The vulnerability can be exploited remotely via Cross-Site Request Forgery (CSRF). Despite CSRF protection preventing file uploads, the application still processes multipart boundaries, leading to resource exhaustion. By appending additional characters to the multipart boundary, an attacker can cause the server to parse each byte of the boundary, ultimately leading to service unavailability. This vulnerability is present in the `/upload_avatar`, `/upload_app`, and `/upload_logo` endpoints.\n\ud83d\udccf Published: 2025-03-20T10:11:17.500Z\n\ud83d\udccf Modified: 2025-04-04T08:45:37.979Z\n\ud83d\udd17 References:\n1. https://huntr.com/bounties/935dbc03-1b43-4dbb-b6cd-1aa95a789d4f", "creation_timestamp": "2025-04-04T09:36:01.000000Z"} 2025-04-04T09:36:01+00:00