32 matches found

RedhatCVE
added 2026/06/15 8:35 a.m. | 8 views

CVE-2026-45833

A flaw was found in the ChromaDB Python project. An authenticated attacker with UPDATECOLLECTION permission could exploit a code injection vulnerability. By sending a malicious model repository to a specific API endpoint with trust_remote_code enabled, the attacker can execute arbitrary code on the...

9.4 CVSS | 6.1 AI score | 0.00342 EPSS
Exploits: 0 | References: 4
Cvelist
added 2026/06/12 3:16 p.m. | 31 views

CVE-2026-45833

A code injection vulnerability in version 0.4.17 or later of the ChromaDB Python project allows an authenticated attacker to run arbitrary code on the server by sending a malicious model repository and trust_remote_code set to true in...

9.4 CVSS | 0.00342 EPSS
Exploits: 0 | References: 1
CVE
added 2026/06/12 3:16 p.m. | 32 views

CVE-2026-45833

CVE-2026-45833 affects the ChromaDB Python project (version 0.4.17 and later). The issue is a code injection vulnerability where an authenticated attacker can execute arbitrary code on the server by supplying a malicious model repository and setting trust_remote_code to true in the API path /api/...

9.4 CVSS | 5.8 AI score | 0.00342 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
Vulnrichment
added 2026/06/12 3:16 p.m. | 9 views

CVE-2026-45833

A code injection vulnerability in version 0.4.17 or later of the ChromaDB Python project allows an authenticated attacker to run arbitrary code on the server by sending a malicious model repository and trust_remote_code set to true in...

9.4 CVSS | 5.8 AI score | 0.00342 EPSS
Exploits: 0 | References: 1
EUVD
added 2026/06/12 3:16 p.m. | 21 views

EUVD-2026-36484

A code injection vulnerability in version 0.4.17 or later of the ChromaDB Python project allows an authenticated attacker to run arbitrary code on the server by sending a malicious model repository and trust_remote_code set to true in...

9.4 CVSS | 5.8 AI score | 0.00342 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2026/06/12 12:0 a.m. | 20 views

PT-2026-48898

Name of the Vulnerable Software and Affected Versions: ChromaDB versions 0.4.17 through 0.4.16. Description: An authenticated attacker with the UPDATE COLLECTION permission can execute arbitrary code on the server. This occurs by sending a malicious model repository and setting the trust remote code...

9.4 CVSS | 5.9 AI score | 0.00342 EPSS
Exploits: 0 | References: 4
RedhatCVE
added 2026/06/03 9:47 p.m. | 14 views

CVE-2026-5241

A flaw was found in python-transformers. An attacker can exploit this vulnerability by providing a malicious model repository. During model initialization, the trust_remote_code parameter, intended to prevent remote code execution, is overridden by untrusted configuration data. This allows the...

9.6 CVSS | 7.6 AI score | 0.00489 EPSS
Exploits: 1 | References: 5
Github Security Blog
added 2026/05/18 6:31 p.m. | 22 views

ChromaDB Python project has a pre-authentication code injection vulnerability

A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trust_remote_code set to true in...

10 CVSS | 6.1 AI score | 0.12387 EPSS
Exploits: 2 | References: 4 | Affected Software: 1
OSV
added 2026/05/18 6:31 p.m. | 7 views

GHSA-F4J7-R4Q5-QW2C ChromaDB Python project has a pre-authentication code injection vulnerability

A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trust_remote_code set to true in...

10 CVSS | 6.1 AI score | 0.12387 EPSS
Exploits: 2 | References: 4
RedhatCVE
added 2026/05/18 5:31 p.m. | 11 views

CVE-2026-45829

A flaw was found in the ChromaDB Python project. This pre-authentication code injection vulnerability allows an unauthenticated attacker to execute arbitrary code on the server. The attacker can achieve this by sending a malicious model repository to the...

10 CVSS | 6.2 AI score | 0.12387 EPSS
Exploits: 2 | References: 5
NVD
added 2026/05/18 5:16 p.m. | 14 views

CVE-2026-45829

A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trust_remote_code set to true in...

10 CVSS | 0.12387 EPSS
Exploits: 2 | References: 5
Cvelist
added 2026/05/18 3:59 p.m. | 60 views

CVE-2026-45829

A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trust_remote_code set to true in...

10 CVSS | 0.12387 EPSS
Exploits: 2 | References: 2
EUVD
added 2026/05/18 3:59 p.m. | 13 views

EUVD-2026-30779

A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trust_remote_code set to true in...

10 CVSS | 6.1 AI score | 0.12387 EPSS
Exploits: 2 | References: 2
Vulnrichment
added 2026/05/18 3:59 p.m. | 33 views

CVE-2026-45829

A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trust_remote_code set to true in...

10 CVSS | 6.1 AI score | 0.12387 EPSS
Exploits: 2 | References: 2
CVE
added 2026/05/18 3:59 p.m. | 64 views

CVE-2026-45829

CVE-2026-45829 affects the ChromaDB Python project (version 1.0.0 and later). It is a pre-authentication code-injection vulnerability that allows an unauthenticated attacker to execute arbitrary code on the server by supplying a malicious model repository and setting trust_remote_code to true via...

10 CVSS | 6.1 AI score | 0.12387 EPSS
Exploits: 2 | References: 5
Snyk
added 2026/05/18 3:59 p.m. | 6 views

Deserialization of Untrusted Data

Overview: chromadb is a Chroma. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the trust_remote_code process. An attacker can execute arbitrary code on the server by sending a malicious model repository to the /api/v2/tenants/tenant/databases/db/collections...

10 CVSS | 6.2 AI score | 0.12387 EPSS
Exploits: 2 | References: 2
CNNVD
added 2026/05/12 12:0 a.m. | 9 views

Mamba security vulnerability

Mamba is a state-space model for linear time series modeling, open-sourced by State-Spaces. Versions of Mamba 2.2.6 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the MambaLMHeadModel.from_pretrained method, which used torch.load to load weight files without...

9.8 CVSS | 6.2 AI score | 0.00409 EPSS
Exploits: 0 | References: 1
Snyk
added 2026/03/27 1:23 a.m. | 8 views

Unsafe Dependency Resolution

Overview: vllm is a high-throughput and memory-efficient inference and serving engine for LLMs. Affected versions of this package are vulnerable to Unsafe Dependency Resolution in the process of loading sub-components with the trust_remote_code parameter set to True, regardless of user...

8.8 CVSS | 6.2 AI score | 0.01364 EPSS
Exploits: 0 | References: 2
Cvelist
added 2026/03/18 1:15 a.m. | 37 views

CVE-2026-28500 ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load due to improper logic in the repository trust verification mechanism. While the function is designed to warn users...

8.6 CVSS | 0.00318 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2026/02/17 12:0 a.m. | 10 views

PT-2026-41683

Name of the Vulnerable Software and Affected Versions: ChromaDB versions 1.0.0 through 1.5.8. Description: A pre-authentication code injection issue exists in the ChromaDB Python project. An unauthenticated remote attacker can execute arbitrary code on the server by sending a request to the...

10 CVSS | 6.2 AI score | 0.12387 EPSS
Exploits: 2 | References: 39