Lucene search
K

479 matches found

EUVD
EUVD
added yesterday5 views

EUVD-2026-43562

Ollama downloadBlob Improper Validation of Array Index Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ollama. Authentication is not required to exploit this vulnerability. The specific flaw exists...

7.5CVSS7AI score0.00391EPSS
Exploits0References2
NVD
NVD
added 2 days ago5 views

CVE-2026-15685

Ollama downloadBlob Improper Validation of Array Index Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ollama. Authentication is not required to exploit this vulnerability. The specific flaw exists...

7.5CVSS0.00391EPSS
Exploits0References1
CVE
CVE
added 2 days ago8 views

CVE-2026-15685

CVE-2026-15685 affects Ollama, with the vulnerability located in the downloadBlob function where user-supplied data is not properly validated, allowing an out-of-bounds memory access and resulting in a denial-of-service condition. The issue, linked to ZDI-CAN-27277, can be triggered remotely with...

7.5CVSS7AI score0.00391EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2 days ago30 views

CVE-2026-15685 Ollama downloadBlob Improper Validation of Array Index Denial-of-Service Vulnerability

Ollama downloadBlob Improper Validation of Array Index Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ollama. Authentication is not required to exploit this vulnerability. The specific flaw exists...

7.5CVSS0.00391EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/08 12:37 a.m.7 views

EUVD-2026-42106

mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollamabaseurl parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attack...

9.3CVSS6AI score0.00259EPSS
Exploits0References5
NVD
NVD
added 2026/07/07 10:16 p.m.9 views

CVE-2026-59706

mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollamabaseurl parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attack...

9.3CVSS0.00259EPSS
Exploits0References4
OSV
OSV
added 2026/07/07 9:2 p.m.2 views

CVE-2026-59706 mem0 - Unauthenticated Config API Exposure and SSRF via ollama_base_url

mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollamabaseurl parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attack...

9.2CVSS6.1AI score0.00259EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/07 9:2 p.m.24 views

CVE-2026-59706 mem0 - Unauthenticated Config API Exposure and SSRF via ollama_base_url

mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollamabaseurl parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attack...

9.3CVSS0.00259EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/07 9:2 p.m.6 views

CVE-2026-59706

mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollamabaseurl parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attack...

9.3CVSS6AI score0.00259EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.8 views

PT-2026-56268

Name of the Vulnerable Software and Affected Versions mem0 affected versions not specified Description Unauthenticated config API endpoints expose LLM API keys in plaintext and enable server-side request forgery SSRF, a technique where an attacker induces the server to make requests to an...

9.3CVSS6.1AI score0.00259EPSS
Exploits0References8
Nuclei
Nuclei
added 2026/07/02 9:36 a.m.98 views

Ollama - Remote Code Execution

Ollama before 0.1.34 does not validate the format of the digest sha256 with 64 hex digits when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial ../ substring. id: CVE-2024-37032 info: name: Ollama ...

8.8CVSS7AI score0.89633EPSS
Exploits4References3
OSV
OSV
added 2026/06/29 5:51 a.m.7 views

MAL-2026-6581 Malicious code in ollama-helpers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52323ef2a3908b7db1565ae149128d053363ab2612c7bc3a938c3f2d63c285cf scripts/postinstall.js executes automatically on npm install and performs a bulk harvest of installer-side identity and configuration data: OS hostna...

5.9AI score
Exploits0References24
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 5:51 a.m.9 views

Malicious code in ollama-helpers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52323ef2a3908b7db1565ae149128d053363ab2612c7bc3a938c3f2d63c285cf scripts/postinstall.js executes automatically on npm install and performs a bulk harvest of installer-side identity and configuration data: OS hostna...

5.9AI score
Exploits0References24
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.9 views

CVE-2026-46601 vulnerabilities

Vulnerabilities for packages: kubescape-server-fips, mattermost-fips, seaweedfs-rocksdb-fips, bento-fips, gitlab-workhorse-ce, gitea, bento, seaweedfs-rocksdb, mattermost, ollama, pdfcpu, rclone, seaweedfs-operator, mailpit, seaweedfs, seaweedfs-operator-fips, kubescape, ollama-fips, gitea-fips,...

7.5CVSS6.1AI score0.00339EPSS
Exploits0
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.9 views

GHSA-M43H-MP45-GHQ6 vulnerabilities

Vulnerabilities for packages: kubescape-server-fips, mattermost-fips, seaweedfs-rocksdb-fips, bento-fips, gitlab-workhorse-ce, gitea, bento, seaweedfs-rocksdb, mattermost, ollama, pdfcpu, rclone, seaweedfs-operator, mailpit, seaweedfs, seaweedfs-operator-fips, kubescape, ollama-fips, gitea-fips,...

6.1AI score
Exploits0
NVD
NVD
added 2026/06/26 4:16 p.m.7 views

CVE-2026-5757

Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence...

7.5CVSS0.00551EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/26 3:15 p.m.34 views

CVE-2026-5757 There exists an unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine

Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence...

0.00551EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/26 3:15 p.m.7 views

CVE-2026-5757

Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence...

7.5CVSS5.8AI score0.00551EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/06/26 3:15 p.m.9 views

EUVD-2026-39786

Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence...

7.5CVSS6.7AI score0.00551EPSS
Exploits1References2
CVE
CVE
added 2026/06/26 3:15 p.m.36 views

CVE-2026-5757

CVE-2026-5757 concerns Ollama’s model quantization engine. The CERT entry describes an unauthenticated remote information-disclosure vulnerability triggered via the model upload interface. Root cause: three factors—no bounds checking on user-supplied GGUF header metadata, unsafe memory access usi...

7.5CVSS6.7AI score0.00551EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder