| 2561 | 9.1 | CRITICAL | Network | ollama | ollama | Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and… | CWE-125 Out-of-bounds Read | CVE-2026-7482 | 2026-05-11 21:27 | 2026-05-4 |
| 2562 | 9.8 | CRITICAL | Network | - | - | OS command injection in the Dashboard Server interface in Universal Robots PolyScope versions prior to 5.25.1 allows an unauthenticated attacker to craft commands that will execute code on the robot's OS. | CWE-78 OS Command | CVE-2026-8153 | 2026-05-11 19:16 | 2026-05-8 |
| 2563 | 4.7 | MEDIUM | Network | oracle | macoron | Vulnerability in the Oracle Macoron Tool product of Oracle Open Source Projects. The supported version that is affected is v0.22.0. Easily exploitable vulnerability allows unauthenticated attacker w… | CWE-601 Open Redirect; CWE-346 Origin Validation Error | CVE-2026-35253 | 2026-05-11 05:16 | 2026-05-6 |
| 2564 | 6.5 | MEDIUM | Network | - | - | Cross-Site Request Forgery (CSRF) vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross Site Request Forgery. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2. | CWE-352 Origin Validation Error | CVE-2026-5791 | 2026-05-11 01:16 | 2026-05-7 |
| 2565 | 8.8 | HIGH | Network | apache | cloudstack | Account users are allowed by default to register templates to be downloaded directly to the primary storage for deploying instances using the KVM hypervisor. Due to missing file name sanitization, an… | CWE-94 Code Injection | CVE-2026-25077 | 2026-05-11 00:16 | 2026-05-8 |
| 2566 | 4.3 | MEDIUM | Network | google | chrome | Insufficient data validation in DevTools in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security sev… | NVD-CWE-noinfo; CWE-20 Improper Input Validation | CVE-2026-7915 | 2026-05-10 23:16 | 2026-05-7 |
| 2567 | 8.8 | HIGH | Network | google | chrome | Out of bounds memory access in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Hi… | CWE-787 Out-of-bounds Write; CWE-125 Out-of-bounds Read | CVE-2026-7902 | 2026-05-10 23:16 | 2026-05-7 |
| 2568 | 9.1 | CRITICAL | Network | apache | cloudstack | Instances deployed via the Proxmox extension allow unauthorized access to instances belonging to other tenants. This issue affects Apache CloudStack: from 4.21.0.0 through 4.22.0.0. The Proxm… | CWE-200 Information Exposure | CVE-2026-25199 | 2026-05-9 16:16 | 2026-05-8 |
| 2569 | 5.3 | MEDIUM | Network | apache | cloudstack | Due to multiple time-of-check time-of-use race conditions in the resource count check and increment logic, as well as missing validations, users of the platform are able to exceed the allocation limi… | CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition; CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2025-69233 | 2026-05-9 16:16 | 2026-05-8 |
| 2570 | 7.5 | HIGH | Local | - | - | An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded recursion in the NAR (Nix Archive) parser could lead to a stack-to-heap overflow when the parser is run on a coroutine st… | CWE-674 Uncontrolled Recursion | CVE-2026-44028 | 2026-05-9 13:16 | 2026-05-5 |