trychroma CVE Vulnerabilities and CVE List (4)

Products (CPE): — CVE count: 4

trychroma Vulnerability Overview

This page aggregates publicly disclosed CVE and security risk information related to trychroma, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.

Vulnerability distribution trend (last 24 months)

| CVE | Summary | Source | Max CVSS | EPSS (%) | Published | Updated |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2026-45833 | A code injection vulnerability in version 0.4.17 or later of the ChromaDB Python project allows an authenticated attacker to run arbitrary code on the server by sending a malicious model repository and trust_remote_code set to true in the /api/v2/tenants/default_tenant/databases/default_database/collections/{collection_id} if they have the UPDATE_COLLECTION permission. | 6f8de1f0-f67e-45a6-b68f-98777fdb759c | 9.4 | 0.26% | 2026-06-12 | 2026-06-29 |
| CVE-2026-45832 | All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing attackers to bypass authorization controls by using the V1 endpoints. | 6f8de1f0-f67e-45a6-b68f-98777fdb759c | 8.8 | 0.25% | 2026-06-12 | 2026-06-29 |
| CVE-2026-45831 | The SimpleRBACAuthorizationProvider authorization provider in versions 0.5.0 or later of the ChromaDB Python project evaluates whether a user holds a given permission but never checks which tenant, database, or collection that permission applies to, allowing users to perform cross-tenant actions. | 6f8de1f0-f67e-45a6-b68f-98777fdb759c | 8.8 | 0.23% | 2026-06-12 | 2026-06-17 |
| CVE-2026-45830 | A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to. | 6f8de1f0-f67e-45a6-b68f-98777fdb759c | 8.8 | 0.28% | 2026-06-12 | 2026-06-29 |
cvelogic Threat Intelligence