Lucene search
K

11 matches found

Snyk
Snyk
added 2026/06/18 3:20 p.m.3 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the agentid metadata in the gRPC communication process. An attacker can impersonate other agents on the same server by injecting a forged value into outgoing metadata, leading to unauthorized cross-tenant actions...

7.1CVSS6AI score0.00246EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 3:3 p.m.31 views

CVE-2026-45831

The SimpleRBACAuthorizationProvider authorization provider in versions 0.5.0 or later of the ChromaDB Python project evaluates whether a user holds a given permission but never checks which tenant, database, or collection that permission applies to allowing users to perform cross tenant actions...

8.8CVSS0.00237EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 3:3 p.m.21 views

CVE-2026-45831

The CVE describes a vulnerability in the SimpleRBACAuthorizationProvider of the ChromaDB Python project (versions 0.5.0 and later). The issue is that it evaluates whether a user has a permission without validating the tenant/database/collection scope, enabling cross-tenant actions. This is the un...

8.8CVSS5.1AI score0.00237EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/12 3:3 p.m.10 views

EUVD-2026-36482

The SimpleRBACAuthorizationProvider authorization provider in versions 0.5.0 or later of the ChromaDB Python project evaluates whether a user holds a given permission but never checks which tenant, database, or collection that permission applies to allowing users to perform cross tenant actions...

8.8CVSS5.1AI score0.00237EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.18 views

PT-2026-48896

The SimpleRBACAuthorizationProvider authorization provider in versions 0.5.0 or later of the ChromaDB Python project evaluates whether a user holds a given permission but never checks which tenant, database, or collection that permission applies to allowing users to perform cross tenant actions...

8.8CVSS5AI score0.00237EPSS
Exploits0References2
NVD
NVD
added 2026/05/07 10:16 p.m.26 views

CVE-2026-40214

In OpenStack Cyborg before 16.0.1, the Accelerator Request ARQ API does not enforce project ownership at any layer. The projectid column in the database is never populated NULL for every ARQ, database queries have no project filtering, and policy checks are self-referential the authorizewsgi...

6.3CVSS0.00206EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2022-33891

Malicious code in bioql PyPI...

9.8CVSS9AI score0.00958EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 10:46 p.m.10 views

CVE-2022-29556

The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant actions via internal API endpoints...

9.8CVSS7.1AI score0.00958EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/04/28 8:15 p.m.4 views

CVE-2022-29556

The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant actions via internal API endpoints...

9.8CVSS5.9AI score0.00958EPSS
Exploits0References3
Prion
Prion
added 2022/04/28 8:15 p.m.16 views

Server side request forgery (ssrf)

The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant actions via internal API endpoints...

7.5CVSS9.4AI score0.00958EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/04/28 7:48 p.m.37 views

CVE-2022-29556

The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant actions via internal API endpoints...

9.7AI score0.00958EPSS
Exploits0References2
Rows per page
Query Builder