Heap-Overflow
Ollama CVE-2026-7482 'Bleeding Llama': Heap OOB Read in GGUF Loader Leaks Server Memory to Unauthenticated Attackers
A heap out-of-bounds read in Ollama's GGUF model loader (CVE-2026-7482, CVSS 9.1) lets unauthenticated attackers exfiltrate server process memory — including API keys, env vars, system prompts, and other users' conversations — from an estimated 300,000+ exposed instances.
NGINX Rift: 18-Year-Old Rewrite Module Heap Overflow Hits Unauthenticated RCE With Public PoC
CVE-2026-42945 is a CVSS 9.2 heap buffer overflow in ngx_http_rewrite_module that has lived in NGINX since 2008. A working unauthenticated RCE PoC is public; reachability hinges on a specific rewrite-directive pattern most prod configs actually contain.
Every Windows Endpoint is a Target: CVE-2026-41096 Heap Overflow in DNS Client Enables Remote Code Execution
CVE-2026-41096 is a CVSS 9.8 heap overflow in the Windows DNS Client. A single malicious DNS response can yield code execution on any Windows host — no auth, no user click, no document opened. The blast radius is every Windows endpoint that resolves a name.
Chrome 147 Patches 60 Security Flaws Including Two Critical WebML RCE Bugs
Google ships Chrome 147.0.7727.55 with fixes for 60 vulnerabilities—two critical heap buffer overflow and integer overflow flaws in the WebML component enable remote code execution via crafted HTML pages.