|
351
|
5.5 |
MEDIUM
Local
|
microsoft
|
visual_studio_code
|
Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
Update
|
CWE-20 CWE-23 NVD-CWE-noinfo
Improper Input Validation Relative Path Traversal
|
CVE-2026-48569
|
2026-06-13 01:57 |
2026-06-10 |
|
352
|
6.5 |
MEDIUM
Network
|
gpac
|
gpac
|
GPAC MP4Box v2.4 was discovered to contain a floating point exception in the gf_opus_parse_packet_header function (media_tools/av_parsers.c). This vulnerability allows attackers to cause a Denial of…
Update
|
CWE-1077
Floating Point Comparison with Incorrect Operator
|
CVE-2025-55658
|
2026-06-13 01:46 |
2026-06-10 |
|
353
|
4.4 |
MEDIUM
Network
|
-
|
-
|
IPAM is the IP address Manager for Cluster API Provider Metal3. Prior to versions 1.11.7, 1.12.4, and 1.13.0, the IPAM controller's ClusterRole granted full CRUD permissions (create, delete, get, lis…
New
|
CWE-250
Execution with Unnecessary Privileges
|
CVE-2026-47190
|
2026-06-13 01:24 |
2026-06-13 |
|
354
|
- |
|
-
|
-
|
A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collecti…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-45830
|
2026-06-13 01:23 |
2026-06-13 |
|
355
|
- |
|
-
|
-
|
The SimpleRBACAuthorizationProvider authorization provider in versions 0.5.0 or later of the ChromaDB Python project evaluates whether a user holds a given permission but never checks which tenant, d…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-45831
|
2026-06-13 01:23 |
2026-06-13 |
|
356
|
- |
|
-
|
-
|
All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing attackers to bypass authorization controls by using the V1 en…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-45832
|
2026-06-13 01:23 |
2026-06-13 |
|
357
|
- |
|
-
|
-
|
The use of insecure HTTP transport within AMD optional tools could allow an attacker to conduct a man-in-the-middle attack, potentially leading to arbitrary code execution.
New
|
-
|
CVE-2026-40677
|
2026-06-13 01:22 |
2026-06-13 |
|
358
|
- |
|
-
|
-
|
A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection …
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-8828
|
2026-06-13 01:22 |
2026-06-13 |
|
359
|
- |
|
-
|
-
|
Frappe is a full-stack web application framework. Prior to version 16.17.4, any user can modify any field in any Onboarding Step record. This issue has been patched in version 16.17.4.
New
|
CWE-284
Improper Access Control
|
CVE-2026-44976
|
2026-06-13 01:20 |
2026-06-13 |
|
360
|
8.7 |
HIGH
Network
|
-
|
-
|
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's `DnsResolveContext` insufficiently validates the ba…
New
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2026-47691
|
2026-06-13 01:18 |
2026-06-13 |
|