8 matches found

RedhatCVE
added 2026/06/15 8:35 a.m. | 7 views

CVE-2026-45832

A flaw was found in ChromaDB. All V1 collection-level endpoints in the Python project pass null values for tenant and database to the authorization layer. This allows a remote attacker to bypass authorization controls by utilizing these V1 endpoints. The primary consequence is unauthorized access...

CVSS 8.8 | AI score 5.3 | EPSS 0.00284
Exploits: 0 | References: 4
Snyk
added 2026/06/12 4:39 p.m. | 7 views

Authorization Bypass Through User-Controlled Key

Overview chromadb is a Chroma. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the V1 collection-level endpoints passing None for tenant and database to the authorization layer. An attacker can gain unauthorized access to resources by...

CVSS 8.8 | AI score 5.4 | EPSS 0.00284
Exploits: 0 | References: 2
EUVD
added 2026/06/12 3:11 p.m. | 12 views

EUVD-2026-36483

All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing attackers to bypass authorization controls by using the V1 endpoints...

CVSS 8.8 | AI score 5.3 | EPSS 0.00284
Exploits: 0 | References: 1
Cvelist
added 2026/06/12 3:11 p.m. | 28 views

CVE-2026-45832

All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing attackers to bypass authorization controls by using the V1 endpoints...

CVSS 8.8 | EPSS 0.00284
Exploits: 0 | References: 1
CVE
added 2026/06/12 3:11 p.m. | 42 views

CVE-2026-45832

CVE-2026-45832 affects the Python project of ChromaDB. All V1 collection-level endpoints pass None for the tenant and database to the authorization layer, which allows attackers to bypass authorization controls when using the V1 endpoints. The reports do not provide any explicit remediation steps...

CVSS 8.8 | AI score 5.3 | EPSS 0.00284
Exploits: 0 | References: 4 | Affected Software: 1
Vulnrichment
added 2026/06/12 3:11 p.m. | 11 views

CVE-2026-45832

All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing attackers to bypass authorization controls by using the V1 endpoints...

CVSS 8.8 | AI score 5.3 | EPSS 0.00284
Exploits: 0 | References: 1
Positive Technologies
added 2026/06/12 12:0 a.m. | 15 views

PT-2026-48897

All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing attackers to bypass authorization controls by using the V1 endpoints...

CVSS 8.8 | AI score 5.2 | EPSS 0.00284
Exploits: 0 | References: 2
Github Security Blog
added 2026/05/21 8:35 p.m. | 35 views

NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion

Summary: The uploadViaURL path in the v1/v2 attachment API did not enforce NC_ATTACHMENT_FIELD_SIZE against the remote content-length or against the response stream. An authenticated user (Editor+) could direct the server to download arbitrarily large files, exhausting disk space and causing denial of...

CVSS 6.5 | AI score 5.9 | EPSS 0.00235
Exploits: 0 | References: 2 | Affected Software: 1