7 matches found

Cvelist
added 2026/06/26 3:15 p.m., 31 views

CVE-2026-5757 There exists an unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine

Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence...

0.00551 EPSS
Exploits 1, References 2
ATTACKERKB
added 2026/06/26 3:15 p.m., 6 views

CVE-2026-5757

Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence...

7.5 CVSS, 5.8 AI score, 0.00551 EPSS
Exploits 1, References 3, Affected Software 1
CVE
added 2026/06/26 3:15 p.m., 27 views

CVE-2026-5757

CVE-2026-5757 concerns Ollama’s model quantization engine. The CERT entry describes an unauthenticated remote information-disclosure vulnerability triggered via the model upload interface. Root cause: three factors—no bounds checking on user-supplied GGUF header metadata, unsafe memory access usi...

7.5 CVSS, 6.7 AI score, 0.00551 EPSS
Exploits 1, References 3, Affected Software 1
Github Security Blog
added 2026/04/02 9:22 p.m., 11 views

OpenClaw: SSRF via Unguarded `fetch()` in Marketplace Plugin Download and Ollama Model Discovery

Summary SSRF via Unguarded fetch in Marketplace Plugin Download and Ollama Model Discovery Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: Keep the shipped marketplace archive-fetch SSRF, but narrow out the Ollama half because it is operator-configured and...

7.6 CVSS, 5.9 AI score, 0.00223 EPSS
Exploits 0, References 6, Affected Software 1
OSV
added 2026/04/02 9:22 p.m., 2 views

GHSA-9Q7V-8MR7-G23P OpenClaw: SSRF via Unguarded `fetch()` in Marketplace Plugin Download and Ollama Model Discovery

Summary SSRF via Unguarded fetch in Marketplace Plugin Download and Ollama Model Discovery Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: Keep the shipped marketplace archive-fetch SSRF, but narrow out the Ollama half because it is operator-configured and...

6.3 CVSS, 5.9 AI score, 0.00223 EPSS
Exploits 0, References 6
Cvelist
added 2026/01/12 11:3 p.m., 23 views

CVE-2025-15514 Ollama Multi-Modal Model Image Processing NULL Pointer Dereference

Ollama 0.11.5-rc0 through current version 0.13.5 contain a null pointer dereference vulnerability in the multi-modal model image processing functionality. When processing base64-encoded image data via the /api/chat endpoint, the application fails to validate that the decoded data represents valid...

8.7 CVSS, 0.00698 EPSS
Exploits 1, References 4
RedhatCVE
added 2025/07/22 7:44 p.m., 7 views

CVE-2025-51471

A domain validation flaw has been discovered in Ollama. In instances where a user attempts to download a model, but where the server responds with an HTTP 401 error code, Ollama follows the WWW-Authenticate header's realm URL without validating if it belongs to the same domain as the original...

6.9 CVSS, 7.2 AI score, 0.03837 EPSS
Exploits 2, References 2