| 2491 | 9.8 | CRITICAL Network | - | - | An issue in the api/plugin.php component of Bludit v3.19.0 allows attackers to execute a directory traversal via supplying a crafted request. | CWE-22 Path Traversal | CVE-2026-50869 | 2026-06-17 00:16 | 2026-06-16 |
| 2492 | 4.8 | MEDIUM Network | apache | cxf | An authentication bypass vulnerability exists in the OAuth2 TokenIntrospectionService in Apache CXF. Due to a missing 'throw' keyword in the security context check, the introspection endpoint (/servi… | CWE-287 NVD-CWE-noinfo Improper Authentication | CVE-2026-50623 | 2026-06-17 00:16 | 2026-06-12 |
| 2493 | 9.8 | CRITICAL Network | - | - | Bludit CMS before version 3.18.4 allows Remote Code Execution (RCE) via the API Plugin. The POST /api/files/{key} endpoint in bl-plugins/api/plugin.php fails to perform authorization checks and lacks… | CWE-862 Missing Authorization | CVE-2026-38329 | 2026-06-17 00:16 | 2026-06-16 |
| 2494 | 9.1 | CRITICAL Network | - | - | remotion-dev remotion v4.0.409 was discovered to contain an arbitrary file write vulnerability. | CWE-123 Write-what-where Condition | CVE-2026-30121 | 2026-06-17 00:16 | 2026-06-16 |
| 2495 | 9.8 | CRITICAL Network | - | - | remotion-dev remotion v4.0.409 was discovered to contain a remote code execution (RCE) vulnerability. | CWE-94 Code Injection | CVE-2026-30120 | 2026-06-17 00:16 | 2026-06-16 |
| 2496 | 9.8 | CRITICAL Network | splunk | splunk | In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulne… | CWE-306 Missing Authentication for Critical Function | CVE-2026-20253 | 2026-06-17 00:16 | 2026-06-11 |
| 2497 | 8.8 | HIGH Network | trychroma | chromadb | A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collecti… | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-45830 | 2026-06-17 00:07 | 2026-06-13 |
| 2498 | 8.8 | HIGH Network | trychroma | chromadb | The SimpleRBACAuthorizationProvider authorization provider in versions 0.5.0 or later of the ChromaDB Python project evaluates whether a user holds a given permission but never checks which tenant, d… | CWE-863 Incorrect Authorization | CVE-2026-45831 | 2026-06-17 00:07 | 2026-06-13 |
| 2499 | 8.8 | HIGH Network | trychroma | chromadb | All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing attackers to bypass authorization controls by using the V1 en… | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-45832 | 2026-06-17 00:07 | 2026-06-13 |
| 2500 | 8.8 | HIGH Network | trychroma | chromadb | A code injection vulnerability in version 0.4.17 or later of the ChromaDB Python project allows an authenticated attacker to run arbitrary code on the server by sending a malicious model repository a… | CWE-94 Code Injection | CVE-2026-45833 | 2026-06-17 00:03 | 2026-06-13 |