Lucene search
K

7 matches found

CNVD
CNVD
added 2026/04/10 12:0 a.m.10 views

IBM DataPower Gateway Information Disclosure Vulnerability (CNVD-2026-19179)

IBM DataPower Gateway is a suite of International Business Machines IBM security and integration platforms designed specifically for mobile, cloud, application programming interfaces APIs, web, service-oriented architecture SOA, B2B and cloud workloads. The platform protects, integrates and...

6.8CVSS5.8AI score0.00252EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/15 12:0 a.m.5 views

Ollama <= 0.9.6 Cross-Domain Token Exposure

The version of Ollama installed on the remote host is 0.9.6 or earlier. It is, therefore, affected by a vulnerability. Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.9.6 allows remote attackers to steal authentication tokens and bypass access controls via a malicious...

6.9CVSS7.5AI score0.03837EPSS
Exploits2References2
PyPA
PyPA
added 2025/07/22 7:15 p.m.16 views

PYSEC-2025-147

Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and bypass access controls via a malicious realm value in a WWW-Authenticate header returned by the /api/pull endpoint...

6.9CVSS6.5AI score0.03837EPSS
Exploits2References4Affected Software1
OSV
OSV
added 2025/07/22 12:0 a.m.3 views

CVE-2025-51471

Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and bypass access controls via a malicious realm value in a WWW-Authenticate header returned by the /api/pull endpoint...

6.9CVSS7.2AI score0.03837EPSS
Exploits2References6
Positive Technologies
Positive Technologies
added 2025/07/22 12:0 a.m.4 views

PT-2025-30449

Name of the Vulnerable Software and Affected Versions Ollama version 0.6.7 Description A cross-domain token exposure exists in the server.auth.getAuthorizationToken function. This allows remote attackers to steal authentication tokens and bypass access controls by exploiting a malicious realm val...

6.9CVSS7.9AI score0.03837EPSS
Exploits2References18
OSV
OSV
added 2022/11/01 1:52 p.m.5 views

USN-5709-1 firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2022-42927, CVE-2022-42928,...

8.8CVSS6.9AI score0.0083EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/01/03 12:0 a.m.6 views

ZOHO ManageEngine ADSelfService Plus 信息泄露漏洞

A security vulnerability exists in ZOHO ManageEngine ADSelfService Plus, ZOHO's integrated self-service password management and single sign-on solution for Active Directory and cloud applications. The vulnerability is caused by ManageEngine ADSelfService Plus under build 6116 storing the password...

4.3CVSS5.6AI score0.01116EPSS
Exploits1References3
Rows per page
Query Builder