Unauthenticated

vulnerabilities 2026-05-19
Ollama CVE-2026-7482 'Bleeding Llama': Heap OOB Read in GGUF Loader Leaks Server Memory to Unauthenticated Attackers
A heap out-of-bounds read in Ollama's GGUF model loader (CVE-2026-7482, CVSS 9.1) lets unauthenticated attackers exfiltrate server process memory — including API keys, env vars, system prompts, and other users' conversations — from an estimated 300,000+ exposed instances.
ollama ai-infrastructure cve-2026-7482 memory-disclosure gguf heap-overflow unauthenticated
Vulnerabilities 2026-04-04
Ni8mare: CVSS 10.0 Unauthenticated RCE in n8n Workflow Automation (CVE-2026-21858)
A CVSS 10.0 content-type confusion bug in n8n's webhook handler lets unauthenticated attackers read arbitrary files, steal credentials, forge admin sessions, and achieve full RCE. Patch to 1.121.0 immediately.
CVE RCE n8n workflow-automation webhook unauthenticated CVSS-10

Ollama CVE-2026-7482 'Bleeding Llama': Heap OOB Read in GGUF Loader Leaks Server Memory to Unauthenticated Attackers