
8 matches found

NVD
added 2026/06/12 4:16 p.m. · 16 views

CVE-2026-45832

All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing attackers to bypass authorization controls by using the V1 endpoints...

CVSS 8.8 · EPSS 0.00284
Exploits 0 · References 4
Vulnrichment
added 2026/05/11 7:52 p.m. · 13 views

CVE-2026-42884 Audiobookshelf: Collection endpoints bypass library access controls exposing restricted library data

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/collections and GET /api/collections/:id endpoints return collections from all libraries without checking whether the requesting user has access to each collection's library. An authenticated user with...

CVSS 4.3 · AI score 5.8 · EPSS 0.00162
Exploits 0 · References 1
CVE
added 2026/05/11 7:52 p.m. · 17 views

CVE-2026-42884

Summary: Audiobookshelf (self-hosted server) prior to version 2.32.2 exposes collection data across libraries. The GET /api/collections and GET /api/collections/:id endpoints do not verify the requester’s library access, enabling an authenticated user with access to any library to enumerate and r...

CVSS 4.3 · AI score 5.8 · EPSS 0.00162
Exploits 0 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-0802

Malicious code in bioql PyPI...

CVSS 7.7 · AI score 6.8 · EPSS 0.00604
Exploits 0 · References 8
RedhatCVE
added 2025/05/23 6:10 a.m. · 5 views

CVE-2023-25575

API Platform Core is the server component of API Platform: hypermedia and GraphQL APIs. Resource properties secured with the security option of the ApiPlatform\Metadata\ApiProperty attribute can be disclosed to unauthorized users. The problem affects most serialization formats, including raw JSON...

CVSS 7.7 · AI score 6.6 · EPSS 0.00604
Exploits 0 · References 1
Vulnrichment
added 2023/02/28 10:21 p.m. · 5 views

CVE-2023-25575 Secured properties in API Platform Core may be accessible within collections

API Platform Core is the server component of API Platform: hypermedia and GraphQL APIs. Resource properties secured with the security option of the ApiPlatform\Metadata\ApiProperty attribute can be disclosed to unauthorized users. The problem affects most serialization formats, including raw JSON...

CVSS 7.7 · AI score 7.1 · EPSS 0.00604
Exploits 0 · References 2
GitLab Advisory Database
added 2023/02/28 12:0 a.m. · 23 views

api-platform/core's secured properties may be accessible within collections

API Platform Core is the server component of API Platform: hypermedia and GraphQL APIs. Resource properties secured with the security option of the ApiPlatform\Metadata\ApiProperty attribute can be disclosed to unauthorized users. The problem affects most serialization formats, including raw JSON...

CVSS 7.7 · AI score 6.2 · EPSS 0.00604
Exploits 0 · References 7 · Affected Software 1
Positive Technologies
added 2023/02/28 12:0 a.m. · 4 views

PT-2023-20173 · Unknown · Api Platform Core

Name of the Vulnerable Software and Affected Versions: API Platform Core versions 2.7 through 2.7.9; API Platform Core versions 3.0 through 3.0.11; API Platform Core versions 3.0.12 is not affected, versions 3.1 through 3.1.2. Description: Resource properties secured with the security option of the...

CVSS 7.7 · AI score 6.4 · EPSS 0.00604
Exploits 0 · References 11