|
2671
|
8.8 |
HIGH
Network
|
trychroma
|
chromadb
|
A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collecti…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-45830
|
2026-06-17 00:07 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2672
|
8.8 |
HIGH
Network
|
trychroma
|
chromadb
|
The SimpleRBACAuthorizationProvider authorization provider in versions 0.5.0 or later of the ChromaDB Python project evaluates whether a user holds a given permission but never checks which tenant, d…
|
CWE-863
Incorrect Authorization
|
CVE-2026-45831
|
2026-06-17 00:07 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2673
|
8.8 |
HIGH
Network
|
trychroma
|
chromadb
|
All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing attackers to bypass authorization controls by using the V1 en…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-45832
|
2026-06-17 00:07 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2674
|
8.8 |
HIGH
Network
|
trychroma
|
chromadb
|
A code injection vulnerability in version 0.4.17 or later of the ChromaDB Python project allows an authenticated attacker to run arbitrary code on the server by sending a malicious model repository a…
|
CWE-94
Code Injection
|
CVE-2026-45833
|
2026-06-17 00:03 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2675
|
8.8 |
HIGH
Network
|
ibm
|
i
|
IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-7870
|
2026-06-17 00:00 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2676
|
8.1 |
HIGH
Network
|
langflow
|
langflow
|
IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-7787
|
2026-06-16 23:58 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2677
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A heap buffer overflow in the gf_isom_vp_config_new function (isomedia/avc_ext.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2025-55652
|
2026-06-16 23:56 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2678
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A stack overflow in the gf_opus_read_length function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2025-55660
|
2026-06-16 23:56 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2679
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A heap buffer overflow in the Opus audio stream parser component of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2025-55661
|
2026-06-16 23:56 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2680
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A segmentation violation in the Track_SetStreamDescriptor function (isomedia/track.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
|
CWE-476
NULL Pointer Dereference
|
CVE-2025-55663
|
2026-06-16 23:56 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
