444 matches found
Ollama - Remote Code Execution
Ollama before 0.1.34 does not validate the format of the digest sha256 with 64 hex digits when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial ../ substring. id: CVE-2024-37032 info: name: Ollama ...
Can Open-Source LLM Agents Replace Static Application Security Testing Tools? an Empirical Assessment
This paper explores the value of agentic AI tools for cybersecurity purposes. We evaluate the efficacy of a general-purpose GenAI Large Language Model- GenAI- based agent when powered by three different Ollama-hosted general-purpose open source models. We assess each agent's performance using...
ollama-silent-patches
OLLAMA SILENT PATCH DISCLOSURE — PUBLIC RELEASE v2 Responsi...
ccdd-poc
ccdd-poc — ¿Dónde está el límite de un solucionador de issues...
CVE-2026-43625
CodexBar prior to 0.32.0 contains a session cookie leakage vulnerability that allows network attackers to intercept imported browser session cookies by exploiting improper redirect handling for Amp and Ollama provider sessions. Attackers can position themselves on the network path to receive...
CVE-2026-42249
Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper handling of attacker‑controlled HTTP response headers. When downloading updates, the application constructs local file paths using values derived from HTTP headers without validation. These...
Malicious code in ai-sdk-ollama (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...
@easbot/ollama-sdk (=0.1.0) potentially affected by unknown CVE via ai-sdk-ollama (=2.2.0)
ai-sdk-ollama NPM version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on ai-sdk-ollama and may be impacted: - @easbot/ollama-sdk =0.1.0 Source cves: unknown CVE Source advisory: SNYK:JS-AISDKOLLAMA-17146454...
@agentic-dev-library/control (=1.2.0), @agentic-dev-library/triage (>=1.0.2 <=1.1.0) +38 more potentially affected by unknown CVE via ai-sdk-ollama (>=3.0.0 <=3.8.4)
ai-sdk-ollama NPM version =3.0.0, =1.0.2, =0.1.0, =0.1.1, =0.1.0, =1.3.0, =0.1.1, =0.2.0, =0.1.0, =0.1.0, =0.1.0, =0.4.3 and more Source cves: unknown CVE Source advisory: SNYK:JS-AISDKOLLAMA-17146454...
@byside/llm (>=0.1.0 <=0.1.1), agentic-control (=1.1.0) potentially affected by unknown CVE via ai-sdk-ollama (=1.1.0)
ai-sdk-ollama NPM version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on ai-sdk-ollama and may be impacted: - @byside/llm =0.1.0, =0.1.1 - agentic-control =1.1.0 Source cves: unknown CVE Source advisory: SNYK:JS-AISDKOLLAMA-17146454...
Embedded Malicious Code
Overview ai-sdk-ollama is a Vercel AI SDK Provider for Ollama using official ollama-js library Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attemp...
CVE-2026-43625
CodexBar prior to 0.32.0 contains a session cookie leakage vulnerability that allows network attackers to intercept imported browser session cookies by exploiting improper redirect handling for Amp and Ollama provider sessions. Attackers can position themselves on the network path to receive...
CVE-2026-43625 CodexBar < 0.32.0 Session Cookie Exposure via HTTP Redirect
CodexBar prior to 0.32.0 contains a session cookie leakage vulnerability that allows network attackers to intercept imported browser session cookies by exploiting improper redirect handling for Amp and Ollama provider sessions. Attackers can position themselves on the network path to receive...
CVE-2026-43625 CodexBar < 0.32.0 Session Cookie Exposure via HTTP Redirect
CodexBar prior to 0.32.0 contains a session cookie leakage vulnerability that allows network attackers to intercept imported browser session cookies by exploiting improper redirect handling for Amp and Ollama provider sessions. Attackers can position themselves on the network path to receive...
CVE-2026-43625
CodexBar prior to 0.32.0 contains a session cookie leakage vulnerability that allows network attackers to intercept imported browser session cookies by exploiting improper redirect handling for Amp and Ollama provider sessions. Attackers can position themselves on the network path to receive...
EUVD-2026-33748
CodexBar prior to 0.32.0 contains a session cookie leakage vulnerability that allows network attackers to intercept imported browser session cookies by exploiting improper redirect handling for Amp and Ollama provider sessions. Attackers can position themselves on the network path to receive...
CVE-2026-43625
CodexBar vulnerability CVE-2026-43625 affects versions prior to 0.32.0. Affected component: CodexBar session handling for Amp and Ollama provider sessions. Root cause: improper redirect handling allows an on-path attacker to observe imported browser session cookies in cleartext HTTP requests when...
PT-2026-45519
CodexBar prior to 0.32.0 contains a session cookie leakage vulnerability that allows network attackers to intercept imported browser session cookies by exploiting improper redirect handling for Amp and Ollama provider sessions. Attackers can position themselves on the network path to receive...
Metasploit Wrap Up 05/29/2026
More Linux LPEs Hark the age of the Linux LPE has arrived. This week’s release follows up on recent work bringing new Linux LPEs to Metasploit users. Copy Fail seemed to have kicked off a trend of similar bugs and hot on its heels is Dirty Frag. Dirty Frag is actually two vulnerabilities in a...
Decentralized Threat: Stealthy P2P Cryptominer Targeting Ollama Endpoints
The Akamai SIRT uncovered a custom P2P Trojan masquerading as system activity. Learn how to detect and mitigate this stealthy Go-based cryptominer...