Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

27 matches found

RedhatCVE
RedhatCVEadded 3 days ago4 views

CVE-2026-10230

A flaw was found in Assimp, specifically within the Half-Life 1 MDL Loader component. A local attacker could exploit a heap-based buffer overflow vulnerability in the readanimations function of HL1MDLLoader.cpp. This could lead to information disclosure, denial of service, or potentially arbitrar...

5.6CVSS6.1AI score0.00013EPSS
Exploits0References9
NVD
NVDadded 3 days ago8 views

CVE-2026-10233

A security vulnerability has been detected in Assimp up to 6.0.4. Affected by this issue is the function HL1MDLLoader::readsequenceinfos of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. The manipulation of the argument aiString leads to out-of-bounds read. The attack needs to...

4.8CVSS0.00012EPSS
Exploits0References7
EUVD
EUVDadded 3 days ago7 views

EUVD-2026-33566

A security vulnerability has been detected in Assimp up to 6.0.4. Affected by this issue is the function HL1MDLLoader::readsequenceinfos of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. The manipulation of the argument aiString leads to out-of-bounds read. The attack needs to...

4.8CVSS5.3AI score0.00012EPSS
Exploits0References7
EUVD
EUVDadded 3 days ago5 views

EUVD-2026-33563

A vulnerability was identified in Assimp up to 6.0.4. This impacts the function Assimp::MDL::HalfLife::HL1MDLLoader::readanimations of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally...

5.3CVSS6.1AI score0.00013EPSS
Exploits0References6
Vulnrichment
Vulnrichmentadded 3 days ago4 views

CVE-2026-10230 Assimp Half-Life 1 MDL Loader HL1MDLLoader.cpp read_animations heap-based overflow

A vulnerability was identified in Assimp up to 6.0.4. This impacts the function Assimp::MDL::HalfLife::HL1MDLLoader::readanimations of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally...

5.3CVSS6.1AI score0.00013EPSS
Exploits0References6
Debian CVE
Debian CVEadded 3 days ago6 views

CVE-2026-10229

A vulnerability was determined in Assimp up to 6.0.4. This affects the function HL1MDLLoader::readmeshes of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been...

5.3CVSS6.1AI score0.00013EPSS
Exploits0
Positive Technologies
Positive Technologiesadded 3 days ago9 views

PT-2026-45275

A security flaw has been discovered in Assimp up to 6.0.4. Affected is the function HL1MDLLoader::extract anim value of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. Performing a manipulation of the argument num.total results in heap-based buffer overflow. The attack must be...

5.3CVSS6.2AI score0.00013EPSS
Exploits0References8
RedhatCVE
RedhatCVEadded 2026/05/12 6:3 a.m.4 views

CVE-2026-7482

A flaw was found in Ollama. A remote attacker can exploit a heap out-of-bounds read vulnerability in the GGUF model loader by providing a specially crafted GGUF GGML Unified Format file to the /api/create endpoint. This allows the attacker to read beyond the allocated memory buffer, potentially...

9.1CVSS5.8AI score0.00034EPSS
Exploits2References6
Github Security Blog
Github Security Blogadded 2026/05/06 11:9 p.m.5 views

Keras vulnerable to DoS via Malicious .keras Model (HDF5 Shape Bomb Causes Petabyte Allocation in KerasFileEditor)

Summary Keras’s model loader KerasFileEditor unsafely loads user-supplied .keras model files containing HDF5-based weight files without performing any validation on HDF5 dataset metadata. An attacker can craft a .keras archive containing a valid model.weights.h5 file whose dataset declares an...

7.5CVSS6.8AI score0.00043EPSS
Exploits3References7Affected Software1
SUSE CVE
SUSE CVEadded 2026/05/05 1:48 a.m.3 views

SUSE CVE-2026-7482

Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and size exceed the file's actual length; during quantization in fs/ggml/gguf.go and...

9.1CVSS5.8AI score0.00034EPSS
Exploits2References3
Github Security Blog
Github Security Blogadded 2026/05/04 3:31 p.m.14 views

Ollama contains a heap out-of-bounds read vulnerability in the GGUF model loader

Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and size exceed the file's actual length; during quantization in fs/ggml/gguf.go and...

9.1CVSS5.8AI score0.00034EPSS
Exploits2References5Affected Software1
EUVD
EUVDadded 2026/05/04 12:38 p.m.5 views

EUVD-2026-26949

Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and size exceed the file's actual length; during quantization in fs/ggml/gguf.go and...

9.1CVSS5.8AI score0.00034EPSS
Exploits2References3
ATTACKERKB
ATTACKERKBadded 2026/05/04 12:38 p.m.1 views

CVE-2026-7482

Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and size exceed the file's actual length; during quantization in fs/ggml/gguf.go and...

9.1CVSS5.8AI score0.00034EPSS
Exploits2References4
Vulnrichment
Vulnrichmentadded 2026/05/04 12:38 p.m.4 views

CVE-2026-7482 Ollama heap out-of-bounds read in GGUF tensor parsing leaks server process memory to unauthenticated remote attackers

Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and size exceed the file's actual length; during quantization in fs/ggml/gguf.go and...

9.1CVSS5.8AI score0.00034EPSS
Exploits2References3
OSV
OSVadded 2026/04/27 1:14 p.m.3 views

JLSEC-2026-191

A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function MDLImporter::InternReadFileQuake1 of the file assimp/code/AssetLib/MDL/MDLLoader.cpp. The manipulation leads to out-of-bounds read. It is possible to launch the attac...

7.8CVSS4.4AI score0.00111EPSS
Exploits1References7
OSV
OSVadded 2026/01/16 11:57 a.m.2 views

OESA-2026-1080 assimp security update

Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose. Security Fixes: A weakness has been identified in Op...

9.8CVSS6.6AI score0.00108EPSS
Exploits3References4
RedhatCVE
RedhatCVEadded 2026/01/09 8:48 a.m.7 views

CVE-2025-23304

NVIDIA NeMo library for all platforms contains a vulnerability in the model loading component, where an attacker could cause code injection by loading .nemo files with maliciously crafted metadata. A successful exploit of this vulnerability may lead to remote code execution and data tampering...

9.8CVSS8.3AI score0.00453EPSS
Exploits0References1
NVD
NVDadded 2025/08/13 6:15 p.m.3 views

CVE-2025-23304

NVIDIA NeMo library for all platforms contains a vulnerability in the model loading component, where an attacker could cause code injection by loading .nemo files with maliciously crafted metadata. A successful exploit of this vulnerability may lead to remote code execution and data tampering...

9.8CVSS0.00453EPSS
Exploits0References3
CVE
CVEadded 2025/08/13 5:16 p.m.20 views

CVE-2025-23304

CVE-2025-23304 affects the NVIDIA NeMo library (model loading component). The vulnerability arises from loading .nemo files with maliciously crafted metadata, enabling code injection that may lead to remote code execution and data tampering. Affected: NVIDIA NeMo library (model loading). Exploita...

9.8CVSS8.2AI score0.00453EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Databaseadded 2025/08/08 12:0 a.m.3 views

ExecuTorch integer overflow vulnerability

An integer overflow vulnerability in the loading of ExecuTorch models can cause objects to be placed outside their allocated memory area, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 0830af8207240df8d7f35b984cdf8bc35d74fa73...

9.8CVSS6.5AI score0.00749EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder