SUSE CVE-2026-7482

Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and size exceed the file's actual length; during quantization in fs/ggml/gguf.go and...

CVE-2026-7482 Ollama heap out-of-bounds read in GGUF tensor parsing leaks server process memory to unauthenticated remote attackers

Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and size exceed the file's actual length; during quantization in fs/ggml/gguf.go and...

EUVD-2024-41284

Malicious code in bioql PyPI...

Directory Traversal

github.com/ollama/ollama is vulnerable to Directory Traversal. The vulnerability is due to path traversal in the api/push route, allowing attackers to confirm which files exist on the server...

Ollama 安全漏洞

Ollama is an Ollama open source large-scale language model that can be started and run locally. A security vulnerability exists in Ollama versions prior to 0.1.46, which stems from a path traversal vulnerability in the api/push routing, leading to the exposure of files on the deployment server...

CVE-2024-45049

Hydra is a Continuous Integration service for Nix based projects. It is possible to trigger evaluations in Hydra without any authentication. Depending on the size of evaluations, this can impact the availability of systems. The problem can be fixed by applying...

MediaWiki Cross-Site Request Forgery Vulnerability (CNVD-2021-09325)

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A cross-site request forgery vulnerability exists in MediaWiki 1.35 and earlier versions, which stems from...