Lucene search
+L

150 matches found

Snyk
Snyk
added 2026/06/16 9:32 p.m.5 views

Incorrect Resource Transfer Between Spheres

Overview nova is an OpenStack Nova provides a cloud computing fabric controller, supporting a wide variety of compute technologies, including: libvirt KVM, Xen, LXC and more, Hyper-V, VMware, XenServer, OpenStack Ironic and PowerVM. Affected versions of this package are vulnerable to Incorrect...

8.5CVSS5.8AI score0.00272EPSS
Exploits1References2
OSV
OSV
added 2026/06/16 9:32 p.m.3 views

GHSA-MFG3-P6M3-GJGR OpenStack Nova: Nova scheduler hint injection bypasses Placement resource claims and scheduling constraints

Affects - Nova: =18.0.0 =32.0.0 =33.0.0 33.0.2 Description Erichen from the Institute of Computing Technology, Chinese Academy of Sciences reported that Nova's server create API does not strip internal scheduler hints. An authenticated user can bypass Placement resource claims and scheduling...

5.4CVSS5.3AI score0.00272EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2026/06/15 8:35 a.m.9 views

CVE-2026-45830

A flaw was found in ChromaDB. A lack of authorization validation in the ChromaDB Python project allows any authenticated user to read, write, update, or delete data in any tenant's collection. This means an attacker can bypass intended access controls and manipulate data across different tenants,...

8.8CVSS5.2AI score0.00345EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/12 4:39 p.m.8 views

Authorization Bypass Through User-Controlled Key

Overview chromadb is a Chroma. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to insufficient authorization checks when UUID is provided. An attacker can gain unauthorized access to read, write, update, or delete data belonging to other...

8.8CVSS5.3AI score0.00345EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 4:16 p.m.17 views

CVE-2026-8828

A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to...

8.8CVSS0.00279EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 2:50 p.m.12 views

CVE-2026-8828

A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to...

8.8CVSS5.3AI score0.00279EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 2:50 p.m.30 views

CVE-2026-8828

CVE-2026-8828 describes a lack of authorization validation in ChromaDB Rust (version 1.0.0 and later) that allows any authenticated user to arbitrarily read, write, update, or delete data in any tenant’s collection, regardless of tenant ownership. The core issue is insufficient access control in ...

8.8CVSS5.3AI score0.00279EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 2:50 p.m.17 views

EUVD-2026-36464

A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to...

8.8CVSS5.2AI score0.00279EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 2:50 p.m.31 views

CVE-2026-8828

A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to...

8.8CVSS0.00279EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 2:46 p.m.59 views

CVE-2026-45830

CVE-2026-45830 affects the ChromaDB Python project (version 0.4.17 and later). The lack of authorization validation allows any authenticated user to arbitrarily read, write, update, or delete data in any tenant’s collection, regardless of tenancy. The vulnerability is described with a CVSS 4.0 ba...

8.8CVSS5.3AI score0.00345EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/12 2:46 p.m.11 views

CVE-2026-45830

A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to...

8.8CVSS5.3AI score0.00345EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 2:46 p.m.11 views

EUVD-2026-36461

A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to...

8.8CVSS5.2AI score0.00345EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 2:46 p.m.33 views

CVE-2026-45830

A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to...

8.8CVSS0.00345EPSS
Exploits0References1
OSV
OSV
added 2026/06/12 2:46 p.m.3 views

CVE-2026-45830

A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to...

8.8CVSS6AI score0.00345EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.22 views

PT-2026-48919

A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to...

8.8CVSS5.2AI score0.00279EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.19 views

PT-2026-48895

A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to...

8.8CVSS5.2AI score0.00345EPSS
Exploits0References2
CVE
CVE
added 2026/06/10 5:19 p.m.20 views

CVE-2026-46612

Fission StorageSvc exposes archive CRUD endpoints (/v1/archive and /v1/archives) on the HTTP router without authentication prior to v1.23.0, allowing any caller within the same Kubernetes cluster to enumerate archive IDs, download archives from other tenants, upload arbitrary content, and delete ...

8.8CVSS5.5AI score0.00344EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/10 1:55 p.m.12 views

EUVD-2026-36031

A flaw was found in migration-planner. The agent-API middleware processes JSON Web Tokens JWTs for authentication, but its UpdateSourceInventory and UpdateAgentStatus handlers fail to validate the sourceid claim within these tokens against the requested source ID. This oversight allows an...

9.6CVSS5.5AI score0.00286EPSS
Exploits0References3
CVE
CVE
added 2026/06/10 1:55 p.m.19 views

CVE-2026-53473

The CVE affects the migration-planner-ui-app and describes a cross-site scripting (XSS) flaw in which an attacker can register a malicious discovery agent using a crafted credentialUrl containing JavaScript. When an organizational user clicks the link in the UI, the embedded code executes in the ...

7.3CVSS5.3AI score0.00187EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/10 1:55 p.m.10 views

CVE-2026-53473 Migration-planner-ui-app: stored xss via javascript: url in agent credential link

A flaw was found in migration-planner-ui-app. An attacker can register a malicious discovery agent with a specially crafted credentialUrl containing JavaScript code. When an organizational user clicks this link in the user interface, the embedded malicious code executes within the user's browser...

7.3CVSS5.3AI score0.00187EPSS
Exploits0References3
Rows per page
Query Builder