Sagi Tzadik

CVE-2024-37032 METASPLOIT HIGH ruby WORKING POC

ollama < 0.1.34 - Path Traversal via Model Path Digest Validation Bypass

Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial ../ substring.

CVSS 8.8

View Code

CVE-2020-6010 METASPLOIT HIGH ruby WORKING POC

LearnPress <3.2.6.7 - SQL Injection

LearnPress Wordpress plugin version prior and including 3.2.6.7 is vulnerable to SQL Injection

CVSS 8.8

View Code