
12 matches found

RedhatCVE
added 2026/06/15 8:35 a.m. · 5 views

CVE-2026-45830

A flaw was found in ChromaDB. A lack of authorization validation in the ChromaDB Python project allows any authenticated user to read, write, update, or delete data in any tenant's collection. This means an attacker can bypass intended access controls and manipulate data across different tenants,...

CVSS 8.8 · AI score 5.2 · EPSS 0.00292
Exploits: 0 · References: 4
EUVD
added 2026/06/12 3:11 p.m. · 7 views

EUVD-2026-36483

All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing attackers to bypass authorization controls by using the V1 endpoints...

CVSS 8.8 · AI score 5.3 · EPSS 0.00448
Exploits: 0 · References: 1
Vulnrichment
added 2026/06/12 2:46 p.m. · 9 views

CVE-2026-45830

A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated user to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to...

CVSS 8.8 · AI score 5.3 · EPSS 0.00292
Exploits: 0 · References: 1
Positive Technologies
added 2026/06/12 12:00 a.m. · 9 views

PT-2026-48897

All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing attackers to bypass authorization controls by using the V1 endpoints...

CVSS 8.8 · AI score 5.2 · EPSS 0.00448
Exploits: 0 · References: 2
NVD
added 2026/05/18 5:16 p.m. · 11 views

CVE-2026-45829

A pre-authentication code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trust_remote_code set to true in...

CVSS 10 · EPSS 0.09665
Exploits: 2 · References: 2
CVE
added 2026/05/18 3:59 p.m. · 50 views

CVE-2026-45829

CVE-2026-45829 affects the ChromaDB Python project (version 1.0.0 and later). It is a pre-authentication code-injection vulnerability that allows an unauthenticated attacker to execute arbitrary code on the server by supplying a malicious model repository and setting trust_remote_code to true via...

CVSS 10 · AI score 6.1 · EPSS 0.09665
Exploits: 2 · References: 2
Positive Technologies
added 2026/02/17 12:00 a.m. · 6 views

PT-2026-41683

Name of the Vulnerable Software and Affected Versions: ChromaDB versions 1.0.0 through 1.5.8. Description: A pre-authentication code injection issue exists in the ChromaDB Python project. An unauthenticated remote attacker can execute arbitrary code on the server by sending a request to the...

CVSS 10 · AI score 6.2 · EPSS 0.09665
Exploits: 2 · References: 33
CNNVD
added 2025/03/04 12:00 a.m. · 1 view

BroadlinkManager OS command injection vulnerability

BroadlinkManager is a Python-based project by the individual developer Tomer Klein that allows users to control Broadlink devices. A security vulnerability exists in BroadlinkManager version 5.9.1 that stems from its susceptibility to command injection attacks...

CVSS 6.5 · AI score 7.3 · EPSS 0.00907
Exploits: 0 · References: 4
CVE
added 2022/12/28 7:00 a.m. · 63 views

CVE-2022-46179

Vulnerability summary (CVE-2022-46179): LiuOS (versions 0.1.0 and prior) contains an authorization bypass where an attacker can set the GITHUB_ACTIONS environment variable to any value other than null or true, allowing login checks to be skipped. Root cause: improper handling of GITHUB_ACTIONS en...

CVSS 9.2 · AI score 8 · EPSS 0.00331
Exploits: 1 · References: 2 · Affected Software: 1
Cvelist
added 2022/12/28 7:00 a.m. · 26 views

CVE-2022-46179 LiuOS vulnerable to Authorization Bypass through User-Controlled Key

LiuOS is a small Python project meant to imitate the functions of a regular operating system. Version 0.1.0 and prior of LiuOS allow an attacker to set the GITHUB_ACTIONS environment variable to anything other than null or true and skip authentication checks. This issue is patched in the latest...

CVSS 9.2 · AI score 9.4 · EPSS 0.00331
Exploits: 1 · References: 2
CNVD
added 2019/08/27 12:00 a.m. · 2 views

comelz Quark path traversal vulnerability

comelz Quark is a Python-based project dependency management system. A path traversal vulnerability exists in versions of comelz Quark prior to 2019-03-26, which can be exploited by an attacker to access locations outside of a restricted directory...

CVSS 5.3 · AI score 6.8 · EPSS 0.01875
Exploits: 0 · References: 1
Check Point Advisories
added 2019/03/19 12:00 a.m. · 3 views

Python Project urllib CRLF Injection (CVE-2019-9740)

A CRLF injection vulnerability exists in the Python Project's urllib library. Successful exploitation could allow attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks...

CVSS 4.3 · AI score 2.9 · EPSS 0.05372
Exploits: 1