36 matches found
(0Day) Ollama MCP Server execAsync Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ollama MCP Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the execAsync method. The issue results from the lack of proper...
PT-2026-1768
Name of the Vulnerable Software and Affected Versions: Ollama MCP Server (affected versions not specified). Description: This issue allows remote attackers to execute arbitrary code on affected installations of Ollama MCP Server without authentication. The flaw resides in the execAsync method due to...
EUVD-2025-6985
Malicious code in bioql PyPI...
EUVD-2025-6828
Malicious code in bioql PyPI...
EUVD-2025-15424
Malicious code in bioql PyPI...
Incorrect Permission Assignment for Critical Resource
Overview: Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource via the /api/pull endpoint. An attacker can remove files from the file system by sending a specially crafted packet to this endpoint. Remediation: Upgrade...
GO-2025-3695 Ollama Server Vulnerable to Denial of Service (DoS) Attack in github.com/ollama/ollama
Ollama Server Vulnerable to Denial of Service (DoS) Attack in github.com/ollama/ollama...
CVE-2025-1975
A flaw was discovered in Ollama. This flaw allows a malicious user to cause a denial of service (DoS) attack in affected versions by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull endpoint, whic...
SUSE CVE-2025-1975
A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull endpoint, which can...
GHSA-WRH5-CMWX-Q2QR Ollama Server Vulnerable to Denial of Service (DoS) Attack
A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull endpoint, which can...
Improper Validation of Array Index
Overview: Affected versions of this package are vulnerable to Improper Validation of Array Index when downloading a model via the /api/pull endpoint. An attacker can cause the server to crash by customizing the manifest content and spoofing a service. Remediation: Upgrade...
Ollama Server Vulnerable to Denial of Service (DoS) Attack
A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull endpoint, which can...
CVE-2025-1975
A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull endpoint, which can...
PYSEC-2025-145
A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull endpoint, which can...
CVE-2025-1975
A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull endpoint, which can...
PYSEC-2025-145
A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull endpoint, which can...
CVE-2025-1975 Improper Validation of Array Index in ollama/ollama
A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull endpoint, which can...
CVE-2025-1975 Improper Validation of Array Index in ollama/ollama
A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull endpoint, which can...
CVE-2025-1975
Ollama server (version 0.5.11) is affected by CVE-2025-1975. The root cause is improper validation of array index access when downloading a model via the /api/pull endpoint, allowing a malicious user to trigger a DoS and cause a server crash. The vulnerability is documented with CVSSv3 base score...
PT-2025-21626 · Unknown · Ollama Server
Name of the Vulnerable Software and Affected Versions: Ollama server version 0.5.11. Description: A Denial of Service (DoS) attack can be caused by a malicious user customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a...