
27 matches found

Cvelist
added 2026/04/29 11:44 a.m., 26 views

CVE-2026-42249 Remote Code Execution in Ollama via Update Mechanism

Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper handling of attacker‑controlled HTTP response headers. When downloading updates, the application constructs local file paths using values derived from HTTP headers without validation. These...

7.7 CVSS, 0.00311 EPSS
Exploits 0, References 2
AlpineLinux
added 2026/04/29 11:44 a.m., 6 views

CVE-2026-42248

Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. Unlike other platforms, the Windows implementation of the update verification routine unconditionally returns success so no digital signature or trust validation is performed before stagin...

9.8 CVSS, 6 AI score, 0.00036 EPSS
Exploits 0, References 2
Cvelist
added 2026/04/29 11:44 a.m., 29 views

CVE-2026-42248 Missing Signature Verification for Updates in Ollama

Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. Unlike other platforms, the Windows implementation of the update verification routine unconditionally returns success so no digital signature or trust validation is performed before stagin...

7.7 CVSS, 0.00036 EPSS
Exploits 0, References 2
EUVD
added 2026/04/29 11:44 a.m., 3 views

EUVD-2026-26210

Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. Unlike other platforms, the Windows implementation of the update verification routine unconditionally returns success so no digital signature or trust validation is performed before stagin...

7.7 CVSS, 5.3 AI score, 0.00036 EPSS
Exploits 0, References 2
Vulnrichment
added 2026/04/29 11:44 a.m., 3 views

CVE-2026-42248 Missing Signature Verification for Updates in Ollama

Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. Unlike other platforms, the Windows implementation of the update verification routine unconditionally returns success so no digital signature or trust validation is performed before stagin...

7.7 CVSS, 5.3 AI score, 0.00036 EPSS
Exploits 0, References 2
Positive Technologies
added 2026/04/29 12:0 a.m., 3 views

PT-2026-35911

Name of the Vulnerable Software and Affected Versions: Ollama for Windows versions 0.12.10 through 0.17.5. Description: Ollama for Windows fails to verify the integrity or authenticity of downloaded update executables. The update verification routine on Windows unconditionally returns success,...

7.7 CVSS, 6 AI score, 0.00036 EPSS
Exploits 0, References 8
RedhatCVE
added 2026/04/20 7:22 p.m., 1 views

CVE-2026-35465

SecureDrop Client is a desktop app for journalists to securely communicate with sources and handle submissions on the SecureDrop Workstation. In versions 0.17.4 and below, a compromised SecureDrop Server can achieve code execution on the Client's virtual machine sd-app by exploiting improper...

7.5 CVSS, 6.1 AI score, 0.00018 EPSS
Exploits 0, References 1
NVD
added 2026/04/18 1:16 a.m., 0 views

CVE-2026-35465

SecureDrop Client is a desktop app for journalists to securely communicate with sources and handle submissions on the SecureDrop Workstation. In versions 0.17.4 and below, a compromised SecureDrop Server can achieve code execution on the Client's virtual machine sd-app by exploiting improper...

7.5 CVSS, 0.00018 EPSS
Exploits 0, References 3
CVE
added 2026/04/18 12:41 a.m., 7 views

CVE-2026-35465

CVE-2026-35465 affects SecureDrop Client

7.5 CVSS, 6.1 AI score, 0.00018 EPSS
Exploits 0, References 3, Affected Software 1
EUVD
added 2026/04/18 12:41 a.m., 2 views

EUVD-2026-23626

SecureDrop Client is a desktop app for journalists to securely communicate with sources and handle submissions on the SecureDrop Workstation. In versions 0.17.4 and below, a compromised SecureDrop Server can achieve code execution on the Client's virtual machine sd-app by exploiting improper...

8.1 CVSS, 6.1 AI score, 0.0307 EPSS
Exploits 0, References 3
Vulnrichment
added 2026/04/18 12:41 a.m., 0 views

CVE-2026-35465 SecureDrop Client has path injection in read_gzip_header_filename()

SecureDrop Client is a desktop app for journalists to securely communicate with sources and handle submissions on the SecureDrop Workstation. In versions 0.17.4 and below, a compromised SecureDrop Server can achieve code execution on the Client's virtual machine sd-app by exploiting improper...

7.5 CVSS, 6.2 AI score, 0.00018 EPSS
Exploits 0, References 3
Cvelist
added 2026/04/18 12:41 a.m., 31 views

CVE-2026-35465 SecureDrop Client has path injection in read_gzip_header_filename()

SecureDrop Client is a desktop app for journalists to securely communicate with sources and handle submissions on the SecureDrop Workstation. In versions 0.17.4 and below, a compromised SecureDrop Server can achieve code execution on the Client's virtual machine sd-app by exploiting improper...

7.5 CVSS, 0.00018 EPSS
Exploits 0, References 3
Positive Technologies
added 2026/04/18 12:0 a.m., 2 views

PT-2026-33546

Name of the Vulnerable Software and Affected Versions: SecureDrop Client versions prior to 0.17.5. Description: Improper filename validation during gzip archive extraction allows a compromised SecureDrop Server to achieve code execution on the Client virtual machine sd-app. This occurs because the...

7.5 CVSS, 6.2 AI score, 0.00018 EPSS
Exploits 0, References 6
NVD
added 2025/07/15 4:15 p.m., 3 views

CVE-2024-42650

NanoMQ 0.17.5 was discovered to contain a segmentation fault via the component /nanomq/pubhandler.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PUBLISH message...

7.5 CVSS, 0.00377 EPSS
Exploits 1, References 3
CNNVD
added 2025/07/15 12:0 a.m., 2 views

NanoMQ security vulnerability

NanoMQ is a lightweight and fast MQTT Broker for IoT edge platforms open sourced by EMQ USA. A security vulnerability exists in NanoMQ version 0.17.5, which stems from a segmentation error in the component /nanomq/pubhandler.c that could lead to a denial of service attack...

7.5 CVSS, 6.5 AI score, 0.00377 EPSS
Exploits 1, References 5
Openbugbounty
added 2024/07/16 7:51 a.m., 8 views

c.a.tali.n.a.l.aws.on.0.17.5.xx3.kz Cross Site Scripting vulnerability OBB-3945999

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits 0
OSV
added 2023/06/12 2:15 p.m., 13 views

CVE-2023-34488

NanoMQ 0.17.5 has a one-byte heap-based buffer over-read in the conn_handler function of mqtt_parser.c when it processes malformed messages...

7.8 CVSS, 7.6 AI score
Exploits 0, References 1
Prion
added 2023/06/12 2:15 p.m., 15 views

Heap overflow

NanoMQ 0.17.5 is vulnerable to heap-buffer-overflow in the conn_handler function of mqtt_parser.c when it processes malformed messages...

4.4 CVSS, 7.5 AI score, 0.00122 EPSS
Exploits 1, References 1, Affected Software 1
CVE
added 2023/06/12 12:0 a.m., 156 views

CVE-2023-34488

CVE-2023-34488 affects NanoMQ 0.17.5, where a one-byte heap-based buffer over-read occurs in the conn_handler function of mqtt_parser.c while processing malformed messages. The issue is described across multiple sources as a heap-buffer-overflow vulnerability, with Impact/Summary indicating high ...

8 CVSS, 7.7 AI score, 0.00122 EPSS
Exploits 1, References 1, Affected Software 1
Vulnrichment
added 2023/06/12 12:0 a.m., 9 views

CVE-2023-34488

NanoMQ 0.17.5 has a one-byte heap-based buffer over-read in the conn_handler function of mqtt_parser.c when it processes malformed messages...

7.7 AI score, 0.00122 EPSS
Exploits 1, References 1