|
241
|
8.8 |
HIGH
Network
|
trychroma
|
chromadb
|
A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collecti…
Update
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-45830
|
2026-06-17 00:07 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
242
|
8.8 |
HIGH
Network
|
trychroma
|
chromadb
|
The SimpleRBACAuthorizationProvider authorization provider in versions 0.5.0 or later of the ChromaDB Python project evaluates whether a user holds a given permission but never checks which tenant, d…
Update
|
CWE-863
Incorrect Authorization
|
CVE-2026-45831
|
2026-06-17 00:07 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
243
|
8.8 |
HIGH
Network
|
trychroma
|
chromadb
|
All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing attackers to bypass authorization controls by using the V1 en…
Update
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-45832
|
2026-06-17 00:07 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
244
|
8.8 |
HIGH
Network
|
trychroma
|
chromadb
|
A code injection vulnerability in version 0.4.17 or later of the ChromaDB Python project allows an authenticated attacker to run arbitrary code on the server by sending a malicious model repository a…
Update
|
CWE-94
Code Injection
|
CVE-2026-45833
|
2026-06-17 00:03 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245
|
8.8 |
HIGH
Network
|
ibm
|
i
|
IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege.
Update
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-7870
|
2026-06-17 00:00 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246
|
8.1 |
HIGH
Network
|
langflow
|
langflow
|
IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references.
Update
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-7787
|
2026-06-16 23:58 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A heap buffer overflow in the gf_isom_vp_config_new function (isomedia/avc_ext.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
New
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2025-55652
|
2026-06-16 23:56 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A stack overflow in the gf_opus_read_length function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2025-55660
|
2026-06-16 23:56 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A heap buffer overflow in the Opus audio stream parser component of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
New
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2025-55661
|
2026-06-16 23:56 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A segmentation violation in the Track_SetStreamDescriptor function (isomedia/track.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2025-55663
|
2026-06-16 23:56 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
