94 matches found

VulnCheck KEV
added 2026/06/08 12:0 a.m. | 14 views

VulnCheck KEV: CVE-2026-7482

Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and size exceed the file's actual length; during quantization in fs/ggml/gguf.go and...

9.1 CVSS | 6.8 AI score | 0.01001 EPSS
In wild | Exploits 3 | References 3
vulnersOsv
added 2026/06/02 9:0 p.m. | 6 views

@byside/llm (>=0.1.0 <=0.1.1), agentic-control (=1.1.0) potentially affected by unknown CVE via ai-sdk-ollama (=1.1.0)

ai-sdk-ollama NPM version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on ai-sdk-ollama and may be impacted:
- @byside/llm =0.1.0, =0.1.1
- agentic-control =1.1.0

Source cves: unknown CVE
Source advisory: SNYK:JS-AISDKOLLAMA-17146454...

5.5 AI score
Exploits 0
The Hacker News
added 2026/05/10 12:41 p.m. | 18 views

Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak

Cybersecurity researchers have disclosed a critical security vulnerability in Ollama that, if successfully exploited, could allow a remote, unauthenticated attacker to leak its entire process memory. The out-of-bounds read flaw, which likely impacts over 300,000 servers globally, is tracked as...

9.1 CVSS | 6.9 AI score | 0.01001 EPSS
Exploits 3
GithubExploit
added 2026/05/07 4:35 p.m. | 113 views

Exploit for CVE-2026-7482

CVE-2026-7482: Ollama GGUF Heap OOB Read Reproduction This re...

9.1 CVSS | 5.8 AI score | 0.01001 EPSS
Exploits 3
GithubExploit
added 2026/05/05 7:55 p.m. | 150 views

Exploit for CVE-2026-7482

CVE-2026-7482: Ollama Heap Out-of-Bounds Read 1-Day PoC Thi...

9.1 CVSS | 5.8 AI score | 0.01001 EPSS
Exploits 3
Github Security Blog
added 2026/05/04 3:31 p.m. | 42 views

Ollama contains a heap out-of-bounds read vulnerability in the GGUF model loader

Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and size exceed the file's actual length; during quantization in fs/ggml/gguf.go and...

9.1 CVSS | 5.8 AI score | 0.01001 EPSS
Exploits 3 | References 5 | Affected Software 1
Cvelist
added 2026/05/04 12:38 p.m. | 27 views

CVE-2026-7482 Ollama heap out-of-bounds read in GGUF tensor parsing leaks server process memory to unauthenticated remote attackers

Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and size exceed the file's actual length; during quantization in fs/ggml/gguf.go and...

9.1 CVSS | 0.01001 EPSS
Exploits 3 | References 3
EUVD
added 2026/05/04 12:38 p.m. | 9 views

EUVD-2026-26949

Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and size exceed the file's actual length; during quantization in fs/ggml/gguf.go and...

9.1 CVSS | 5.8 AI score | 0.01001 EPSS
Exploits 3 | References 3
CNNVD
added 2026/04/29 12:0 a.m. | 8 views

Ollama Path Traversal Vulnerability

Ollama is an open-source tool developed by Ollama that can be run locally, used for managing and customizing large language models. Versions of Ollama from 0.12.10 to 0.17.5 have a path traversal vulnerability. This vulnerability stems from the improper handling of HTTP response headers in the...

9.8 CVSS | 6.2 AI score | 0.00625 EPSS
Exploits 0 | References 1
OSV
added 2026/04/26 6:31 a.m. | 1 views

GHSA-X99G-8V8J-25J2 Ollama is Vulnerable to Path Traversal

A security flaw has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/transfer/transfer.go of the component Tensor Model Transfer Handler. The manipulation of the argument digest results in path traversal. The attack may be performed from remote...

6.3 CVSS | 5.4 AI score | 0.00908 EPSS
Exploits 2 | References 5
Cvelist
added 2026/04/26 4:45 a.m. | 35 views

CVE-2026-7020 Ollama Tensor Model Transfer transfer.go digestToPath path traversal

A security flaw has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/transfer/transfer.go of the component Tensor Model Transfer Handler. The manipulation of the argument digest results in path traversal. The attack may be performed from remote...

6.3 CVSS | 0.00908 EPSS
Exploits 2 | References 3
RedhatCVE
added 2026/04/06 7:27 a.m. | 8 views

CVE-2026-5530

A flaw was found in Ollama. A remote attacker can exploit this vulnerability by manipulating the Model Pull API's server/download.go file. This can lead to Server-Side Request Forgery (SSRF), allowing the attacker to force the server to make requests to arbitrary network locations. Mitigation: To...

6.5 CVSS | 6 AI score | 0.00288 EPSS
Exploits 2 | References 6
CNNVD
added 2026/04/05 12:0 a.m. | 7 views

Ollama Code Issue Vulnerability

Ollama is an open-source tool developed by Ollama that allows for the running, management, and customization of large language models on local devices. Ollama versions 18.1 and earlier had a code vulnerability caused by server-side request forgery in the file server/download.go...

6.5 CVSS | 6.6 AI score | 0.00288 EPSS
Exploits 2 | References 3
Metasploit
added 2026/02/25 7:0 p.m. | 350 views

Ollama Model Registry Path Traversal RCE

Ollama before 0.1.34 is vulnerable to a path traversal attack via the model pull mechanism (CVE-2024-37032). When pulling a model, the digest field in OCI manifests is not validated, allowing an attacker to inject path traversal sequences to write arbitrary files on the server. This module starts a...

8.8 CVSS | 7.1 AI score | 0.89633 EPSS
Exploits 4
Positive Technologies
added 2026/02/25 12:0 a.m. | 7 views

PT-2026-36799

Name of the Vulnerable Software and Affected Versions: Ollama versions prior to 0.17.1. Description: A heap out-of-bounds read issue exists in the GGUF model loader. This occurs during quantization within the WriteTo function in fs/ggml/gguf.go and server/quantization.go when the server processes a...

9.4 CVSS | 6.8 AI score | 0.01001 EPSS
Exploits 3 | References 101
SUSE CVE
added 2026/01/23 12:28 a.m. | 2 views

SUSE CVE-2025-66960

An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the fs/ggml/gguf.go, function readGGUFV1String reads a string length from untrusted GGUF metadata...

7.5 CVSS | 5.6 AI score | 0.00362 EPSS
Exploits 1 | References 3
OSV
added 2026/01/21 6:16 p.m. | 5 views

CVE-2025-66959

An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the GGUF decoder...

7.5 CVSS | 5.6 AI score | 0.04549 EPSS
Exploits 1 | References 2
Positive Technologies
added 2026/01/21 12:0 a.m. | 6 views

PT-2026-3838

Name of the Vulnerable Software and Affected Versions: ollama version 0.12.10. Description: An issue in ollama version 0.12.10 allows a remote attacker to cause a denial of service via the GGUF decoder. Recommendations: At the moment, there is no information about a newer version that contains a fix...

7.5 CVSS | 5.5 AI score | 0.04549 EPSS
Exploits 1 | References 8
EUVD
added 2026/01/21 12:0 a.m. | 5 views

EUVD-2026-3626

An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the GGUF decoder...

7.5 CVSS | 5.6 AI score | 0.04549 EPSS
Exploits 1 | References 4
CVE
added 2026/01/21 12:0 a.m. | 23 views

CVE-2025-66960

CVE-2025-66960 affects Ollama v0.12.10 and earlier where the function readGGUFV1String in fs/ggml/gguf.go reads a string length from untrusted GGUF metadata, enabling a remote attacker to cause a denial-of-service. Multiple connected sources (SUSE, Red Hat, OSV, NVD, PT Security) describe the DoS...

7.5 CVSS | 5.6 AI score | 0.00362 EPSS
Exploits 1 | References 2 | Affected Software 1