Lucene search
K

12 matches found

Cvelist
Cvelist
added 2026/06/12 3:16 p.m.31 views

CVE-2026-45833

A code injection vulnerability in version 0.4.17 or later of the ChromaDB Python project allows an authenticated attacker to run arbitrary code on the server by sending a malicious model repository and trustremotecode set to true in...

9.4CVSS0.00342EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 3:16 p.m.21 views

EUVD-2026-36484

A code injection vulnerability in version 0.4.17 or later of the ChromaDB Python project allows an authenticated attacker to run arbitrary code on the server by sending a malicious model repository and trustremotecode set to true in...

9.4CVSS5.8AI score0.00342EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/03 9:47 p.m.15 views

CVE-2026-5241

A flaw was found in python-transformers. An attacker can exploit this vulnerability by providing a malicious model repository. During model initialization, the trustremotecode parameter, intended to prevent remote code execution, is overridden by untrusted configuration data. This allows the...

9.6CVSS7.6AI score0.00519EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/05/18 6:31 p.m.24 views

ChromaDB Python project has a pre-authentication code injection vulnerability

A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trustremotecode set to true in...

10CVSS6.1AI score0.12387EPSS
Exploits2References4Affected Software1
NVD
NVD
added 2026/05/18 5:16 p.m.15 views

CVE-2026-45829

A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trustremotecode set to true in...

10CVSS0.12387EPSS
Exploits2References5
Cvelist
Cvelist
added 2026/05/18 3:59 p.m.61 views

CVE-2026-45829

A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trustremotecode set to true in...

10CVSS0.12387EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2026/05/18 3:59 p.m.33 views

CVE-2026-45829

A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trustremotecode set to true in...

10CVSS6.1AI score0.12387EPSS
Exploits2References2
EUVD
EUVD
added 2026/05/18 3:59 p.m.14 views

EUVD-2026-30779

A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trustremotecode set to true in...

10CVSS6.1AI score0.12387EPSS
Exploits2References2
CVE
CVE
added 2026/05/18 3:59 p.m.74 views

CVE-2026-45829

CVE-2026-45829 affects the ChromaDB Python project (version 1.0.0 and later). It is a pre-authentication code-injection vulnerability that allows an unauthenticated attacker to execute arbitrary code on the server by supplying a malicious model repository and setting trust_remote_code to true via...

10CVSS6.1AI score0.12387EPSS
Exploits2References5
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Mamba 安全漏洞

Mamba is a state-space model for linear time series modeling, open-sourced by State-Spaces. Versions of Mamba 2.2.6 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the MambaLMHeadModel.frompretrained method, which used torch.load to load weight files without...

9.8CVSS6.2AI score0.00409EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/27 1:23 a.m.9 views

Unsafe Dependency Resolution

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Unsafe Dependency Resolution in the process of loading sub-components with the trustremotecode parameter set to True, regardless of user...

8.8CVSS6.2AI score0.01364EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.10 views

PT-2026-41683

Name of the Vulnerable Software and Affected Versions ChromaDB versions 1.0.0 through 1.5.8 Description A pre-authentication code injection issue exists in the ChromaDB Python project. An unauthenticated remote attacker can execute arbitrary code on the server by sending a request to the...

10CVSS6.2AI score0.12387EPSS
Exploits2References39
Rows per page
Query Builder