CVE-2026-28909

Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in container version 0.12.3...

CVE-2026-28909

Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in container version 0.12.3...

CVE-2026-28909

CVE-2026-28909 affects a container runtime where connecting to malicious registries using hostnames that match bypass patterns can expose registry credentials in plaintext. The issue is mitigated by upgrading to container version 0.12.3. The available sources confirm the vulnerability description...

EUVD-2026-26452

Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in container version 0.12.3...

CVE-2026-28909

Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in container version 0.12.3...

CVE-2026-28909

Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in container version 0.12.3...

PT-2026-36209

Name of the Vulnerable Software and Affected Versions container versions prior to 0.12.3 Description Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. Recommendations Update to version 0.12.3...

CVE-2026-33626

LMDeploy SSRF in the vision-language module (prior to 0.12.3) allows an attacker to fetch arbitrary URLs via load_image() in lmdeploy/vl/utils.py without internal IP validation, potentially reaching cloud metadata services and internal networks. The issue also affects encode_image_base64() and ca...

lmdeploy 安全漏洞

lmdeploy is a toolkit developed by InternLM for compressing, deploying, and serving LLMs. Versions of LMDeploy prior to 0.12.3 contained security vulnerabilities; these vulnerabilities stemmed from the vision-language module’s loadimage function, which did not validate URLs, potentially allowing...

Linux Distros Unpatched Vulnerability : CVE-2026-33307

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. In versions prior to 0.12.3 and 0.13.0, code for client certificate verification imported the...

UBUNTU-CVE-2026-33307

Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. In versions prior to 0.12.3 and 0.13.0, code for client certificate verification imported the certificate chain sent by the client into a fixed size gnutlsx509crtt x509 array without checking the number of certificates is less than or...

EUVD-2026-14692

Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. In versions prior to 0.12.3 and 0.13.0, code for client certificate verification imported the certificate chain sent by the client into a fixed size gnutlsx509crtt x509 array without checking the number of certificates is less than or...

CVE-2026-33307 mod_gnutils has stack-based buffer overflow caused by a long client certificate chain

Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. In versions prior to 0.12.3 and 0.13.0, code for client certificate verification imported the certificate chain sent by the client into a fixed size gnutlsx509crtt x509 array without checking the number of certificates is less than or...

CVE-2026-33307

Mod_gnutls (Apache HTTPD TLS module) is affected by CVE-2026-33307 in versions prior to 0.12.3 and 0.13.0. The vulnerability arises from importing the client certificate chain into a fixed-size gnutls_x509_crt_t x509[] array without validating the number of certificates against the array length, ...

PT-2026-27302

Name of the Vulnerable Software and Affected Versions Mod gnutls versions prior to 0.12.3 Mod gnutls versions prior to 0.13.0 Description Mod gnutls is a TLS module for Apache HTTPD based on GnuTLS. The software contains an issue where code for client certificate verification imports the...

CVE-2022-0869

Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3...

EUVD-2025-204310

Ollama Platform has missing authentication enabling attackers to perform model management operations...

Ollama Platform has missing authentication enabling attackers to perform model management operations

A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized model management operations...

GHSA-F6MR-38G8-39RG Ollama Platform has missing authentication enabling attackers to perform model management operations

A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized model management operations...

CVE-2025-63389

A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized model management operations...