https://db.gcve.eu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Fri, 01 May 2026 03:04:44 +0000 https://db.gcve.eu/sighting/ebb8ea3e-7501-4162-84c4-0c2de867cfaf/export {"uuid": "ebb8ea3e-7501-4162-84c4-0c2de867cfaf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-8736", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10428", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-8736\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H)\n\ud83d\udd39 Description: A Denial of Service (DoS) vulnerability exists in multiple file upload endpoints of parisneo/lollms-webui version V12 (Strawberry). The vulnerability can be exploited remotely via Cross-Site Request Forgery (CSRF). Despite CSRF protection preventing file uploads, the application still processes multipart boundaries, leading to resource exhaustion. By appending additional characters to the multipart boundary, an attacker can cause the server to parse each byte of the boundary, ultimately leading to service unavailability. This vulnerability is present in the `/upload_avatar`, `/upload_app`, and `/upload_logo` endpoints.\n\ud83d\udccf Published: 2025-03-20T10:11:17.500Z\n\ud83d\udccf Modified: 2025-04-04T08:45:37.979Z\n\ud83d\udd17 References:\n1. https://huntr.com/bounties/935dbc03-1b43-4dbb-b6cd-1aa95a789d4f", "creation_timestamp": "2025-04-04T09:36:01.000000Z"} {"uuid": "ebb8ea3e-7501-4162-84c4-0c2de867cfaf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-8736", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10428", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-8736\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H)\n\ud83d\udd39 Description: A Denial of Service (DoS) vulnerability exists in multiple file upload endpoints of parisneo/lollms-webui version V12 (Strawberry). The vulnerability can be exploited remotely via Cross-Site Request Forgery (CSRF). Despite CSRF protection preventing file uploads, the application still processes multipart boundaries, leading to resource exhaustion. By appending additional characters to the multipart boundary, an attacker can cause the server to parse each byte of the boundary, ultimately leading to service unavailability. This vulnerability is present in the `/upload_avatar`, `/upload_app`, and `/upload_logo` endpoints.\n\ud83d\udccf Published: 2025-03-20T10:11:17.500Z\n\ud83d\udccf Modified: 2025-04-04T08:45:37.979Z\n\ud83d\udd17 References:\n1. https://huntr.com/bounties/935dbc03-1b43-4dbb-b6cd-1aa95a789d4f", "creation_timestamp": "2025-04-04T09:36:01.000000Z"} https://db.gcve.eu/sighting/ebb8ea3e-7501-4162-84c4-0c2de867cfaf/export Fri, 04 Apr 2025 09:36:01 +0000