|
331
|
9.1 |
CRITICAL
Network
|
ollama
|
ollama
|
Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and…
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2026-7482
|
2026-05-11 21:27 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
332
|
8.6 |
HIGH
Network
|
-
|
-
|
The Magic Link authentication flow accepts multiple invalid authentication requests without adequate rate limiting or resource control, leading to uncontrolled memory usage growth.
This vulnerabilit…
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2025-10470
|
2026-05-11 21:16 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
333
|
9.8 |
CRITICAL
Network
|
-
|
-
|
OS command injection in Dashboard Server interface in Universal Robots PolyScope versions prior to 5.25.1 allows unauthenticated attacker to craft commands that will execute code on the robot's OS.
Update
|
CWE-78
OS Command
|
CVE-2026-8153
|
2026-05-11 19:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
334
|
- |
|
-
|
-
|
ATutor is vulnerable to Reflected XSS in /install/install.php endpoint. An attacker can provide a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's br…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-6956
|
2026-05-11 19:16 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
335
|
- |
|
-
|
-
|
ATutor is vulnerable to Reflected XSS in /install/upgrade.php endpoint. An attacker can provide a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's br…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-6909
|
2026-05-11 19:16 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
336
|
7.2 |
HIGH
Network
|
-
|
-
|
Path traversal vulnerability exists in GROWI v7.5.0 and earlier, which may allow an attacker to execute arbitrary EJS templates on the server when an email server is running in GROWI.
New
|
CWE-22
Path Traversal
|
CVE-2026-41951
|
2026-05-11 19:16 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
337
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a use of hard-coded credentials vulnerability. An unauthenticated attacker with local access could p…
New
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-40636
|
2026-05-11 19:16 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
338
|
5.8 |
MEDIUM
Network
|
-
|
-
|
Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerability in the UI. An unauthentic…
New
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2026-35157
|
2026-05-11 19:16 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
339
|
8.0 |
HIGH
Network
|
-
|
-
|
Dell Automation Platform versions prior to 2.0.0.0, contains a missing authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading …
New
|
CWE-862
Missing Authorization
|
CVE-2026-32658
|
2026-05-11 19:16 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
340
|
6.7 |
MEDIUM
Local
|
-
|
-
|
Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper privilege management vulnerability in the OS. A high privileged attacker with local acce…
New
|
CWE-269
Improper Privilege Management
|
CVE-2026-26946
|
2026-05-11 19:16 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
