Linux Distros Unpatched Vulnerability : CVE-2025-47947

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable t...

Ollama <= 0.9.6 Cross-Domain Token Exposure

The version of Ollama installed on the remote host is 0.9.6 or earlier. It is, therefore, affected by a vulnerability. Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.9.6 allows remote attackers to steal authentication tokens and bypass access controls via a malicious...

Malicious code in pull-goth-lsk (npm)

The package pull-goth-lsk was found to contain malicious code...

MAL-2025-30831 Malicious code in pull-goth-lsk (npm)

The package pull-goth-lsk was found to contain malicious code...

Linux Distros Unpatched Vulnerability : CVE-2025-21891

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ipvlan: ensure network headers are in skb linear part syzbot found that ipvlanprocessv6outbound was assuming the IPv6 network header isis present in skb-head 1...

Linux Distros Unpatched Vulnerability : CVE-2024-40996

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid splat in pskbpullreason syzkaller builds CONFIGDEBUGNET=y frequently trigger a...

SUSE CVE-2025-44779

An issue in Ollama v0.1.33 allows attackers to delete arbitrary files via sending a crafted packet to the endpoint /api/pull...

PYSEC-2025-146

An issue in Ollama v0.1.33 allows attackers to delete arbitrary files via sending a crafted packet to the endpoint /api/pull...

CVE-2025-44779

An issue in Ollama v0.1.33 allows attackers to delete arbitrary files via sending a crafted packet to the endpoint /api/pull...

PYSEC-2025-146

An issue in Ollama v0.1.33 allows attackers to delete arbitrary files via sending a crafted packet to the endpoint /api/pull...

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource via the /api/pull endpoint. An attacker can remove files from the file system by sending a specially crafted packet to this endpoint. Remediation Upgrade...

PT-2025-32263 · Ollama · Ollama

Name of the Vulnerable Software and Affected Versions: Ollama version 0.1.33 Description: An issue allows attackers to delete arbitrary files by sending a crafted packet to the /api/pull endpoint. Recommendations: Update to a newer version that contains a fix for this issue. As a temporary...

CVE-2025-54594

react-native-bottom-tabs is a library of Native Bottom Tabs for React Native. In versions 0.9.2 and below, the github/workflows/release-canary.yml GitHub Actions repository workflow improperly used the pullrequesttarget event trigger, which allowed for untrusted code from a forked pull request to...

react-native-bottom-tabs 安全漏洞

react-native-bottom-tabs is the native bottom tabs of a Callstack Incubator open source. A security vulnerability exists in react-native-bottom-tabs version 0.9.2 and earlier, which stems from the improper use of the pullrequesttarget event trigger in the GitHub Actions workflow, and could lead t...

powertools

PowerTools Is Now Deprecated! PowerView and PowerUp have moved to the PowerSploit repository under ./Recon/ and ./Privesc/ respectively. PowerPick will move repository locations shortly back to its original home. PewPewPew is no longer supported. No pull requests will be accepted and no issues wi...

JetBrains TeamCity Information Disclosure Vulnerability

JetBrains TeamCity is a Continuous Integration CI/CD tool developed by JetBrains, Inc. to automate the software build, test and deployment process. JetBrains TeamCity suffers from an information disclosure vulnerability that stems from an hg pull command line parameter resulting in an exposed...

The vulnerability of the “hg pull” command in the Continuous Integration and Delivery Application Deployment system (CI/CD) of JetBrains TeamCity, which allows a hacker to expose confidential information

The vulnerability of the “hg pull” command in the Continuous Integration and Delivery Application Deployment system CI/CD of JetBrains TeamCity is related to the storage of information in an open manner. Exploiting this vulnerability can allow attackers to expose confidential information...

CVE-2025-54538

In JetBrains TeamCity before 2025.07 password exposure was possible via command line in the "hg pull" command...

JetBrains TeamCity 安全漏洞

JetBrains TeamCity is a Continuous Integration CI/CD tool developed by JetBrains, Inc. to automate the software build, test and deployment process. JetBrains TeamCity suffers from an information disclosure vulnerability that stems from an hg pull command line parameter resulting in an exposed...

PowerTools

PowerTools Is Now Deprecated! PowerView and PowerUp have moved to the PowerSploit repository under ./Recon/ and ./Privesc/ respectively. PowerPick will move repository locations shortly back to its original home. PewPewPew is no longer supported. No pull requests will be accepted and no issues wi...