Lucene search
K

9 matches found

GithubExploit
GithubExploit
added 2025/12/24 9:25 p.m.225 views

Exploit for Session Fixation in Ollama

CVE-2025-51471 - Ollama Cross-Domain Token Exposure PoC !CVE...

6.9CVSS7AI score0.03837EPSS
Exploits2
OSV
OSV
added 2025/07/30 9:37 p.m.1 views

GO-2025-3824 Ollama vulnerable to Cross-Domain Token Exposure in github.com/ollama/ollama

Ollama vulnerable to Cross-Domain Token Exposure in github.com/ollama/ollama...

6.9CVSS7AI score0.03837EPSS
Exploits2References3
Veracode
Veracode
added 2025/07/28 2:56 a.m.2 views

Cross-Domain Token Exposure

Ollama is vulnerable to Cross-Domain Token Exposure. The vulnerability is due to improper handling of the realm value in the WWW-Authenticate header by the /api/pull endpoint, which allows an attacker to steal authentication tokens and bypass access controls...

6.9CVSS6.3AI score0.03837EPSS
Exploits2References5Affected Software1
OSV
OSV
added 2025/07/22 9:31 p.m.16 views

GHSA-X9HG-5Q6G-Q3JR Ollama vulnerable to Cross-Domain Token Exposure

Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and bypass access controls via a malicious realm value in a WWW-Authenticate header returned by the /api/pull endpoint...

6.9CVSS6.5AI score0.03837EPSS
Exploits2References6
Github Security Blog
Github Security Blog
added 2025/07/22 9:31 p.m.43 views

Ollama vulnerable to Cross-Domain Token Exposure

Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and bypass access controls via a malicious realm value in a WWW-Authenticate header returned by the /api/pull endpoint...

6.9CVSS7.4AI score0.03837EPSS
Exploits2References7Affected Software1
NVD
NVD
added 2025/07/22 7:15 p.m.34 views

CVE-2025-51471

Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and bypass access controls via a malicious realm value in a WWW-Authenticate header returned by the /api/pull endpoint...

6.9CVSS0.03837EPSS
Exploits2References4
OSV
OSV
added 2025/07/22 7:15 p.m.9 views

PYSEC-2025-147

Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and bypass access controls via a malicious realm value in a WWW-Authenticate header returned by the /api/pull endpoint...

6.9CVSS6.5AI score0.03837EPSS
Exploits2References4
Cvelist
Cvelist
added 2025/07/22 12:0 a.m.12 views

CVE-2025-51471

Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and bypass access controls via a malicious realm value in a WWW-Authenticate header returned by the /api/pull endpoint...

0.03837EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2023/03/09 12:0 a.m.10 views

PT-2023-14190 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 15.1 through 15.7.7 GitLab EE versions 15.8 through 15.8.3 GitLab EE versions 15.9 through 15.9.1 Description: An issue has been discovered in GitLab EE. If a group with SAML SSO enabled is transferred to a new namespace as...

7.3CVSS6.8AI score0.00744EPSS
Exploits0References10
Rows per page
Query Builder