21311 matches found
Directory Traversal
Overview label-studio is a Label Studio annotation tool Affected versions of this package are vulnerable to Directory Traversal via the download function due to improper input validation when processing image references during task exports. . An attacker can access files outside the intended...
CVE-2025-25295
Label Studio is an open source data labeling tool. A path traversal vulnerability in Label Studio SDK versions prior to 1.0.10 allows unauthorized file access outside the intended directory structure. The flaw exists in the VOC, COCO and YOLO export functionalities. These functions invoke a...
CVE-2025-25295 Label Studio has a Path Traversal Vulnerability via image Field
Label Studio is an open source data labeling tool. A path traversal vulnerability in Label Studio SDK versions prior to 1.0.10 allows unauthorized file access outside the intended directory structure. The flaw exists in the VOC, COCO and YOLO export functionalities. These functions invoke a...
CVE-2025-25295 Label Studio has a Path Traversal Vulnerability via image Field
Label Studio is an open source data labeling tool. A path traversal vulnerability in Label Studio SDK versions prior to 1.0.10 allows unauthorized file access outside the intended directory structure. The flaw exists in the VOC, COCO and YOLO export functionalities. These functions invoke a...
CVE-2025-25295
Summary: CVE-2025-25295 affects Label Studio and its SDK with a path traversal vulnerability in VOC/COCO/YOLO exports. The root cause is improper file path validation in the label-studio-sdk download function, which processes image references during task exports and can read arbitrary server file...
CVE-2025-25295 Label Studio has a Path Traversal Vulnerability via image Field
Label Studio is an open source data labeling tool. A path traversal vulnerability in Label Studio SDK versions prior to 1.0.10 allows unauthorized file access outside the intended directory structure. The flaw exists in the VOC, COCO and YOLO export functionalities. These functions invoke a...
Label Studio has a Path Traversal Vulnerability via image Field
Description A path traversal vulnerability in Label Studio SDK versions prior to 1.0.10 allows unauthorized file access outside the intended directory structure. Label Studio versions before 1.16.0 specified SDK versions prior to 1.0.10 as dependencies, and the issue was confirmed in Label Studio...
GHSA-RGV9-W7JP-M23G Label Studio has a Path Traversal Vulnerability via image Field
Description A path traversal vulnerability in Label Studio SDK versions prior to 1.0.10 allows unauthorized file access outside the intended directory structure. Label Studio versions before 1.16.0 specified SDK versions prior to 1.0.10 as dependencies, and the issue was confirmed in Label Studio...
CVE-2024-56477
IBM Power Hardware Management Console V10.3.1050.0 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...
CVE-2024-56477
IBM Power Hardware Management Console V10.3.1050.0 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...
CVE-2024-56477 IBM Power Hardware Management Console directory traversal
IBM Power Hardware Management Console V10.3.1050.0 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...
CVE-2024-56477 IBM Power Hardware Management Console directory traversal
IBM Power Hardware Management Console V10.3.1050.0 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...
CVE-2024-56477
IBM Power Hardware Management Console (Power HMC) v10.3.1050.0 is affected by CVE-2024-56477, a path traversal (CWE-22) vulnerability where an authenticated user can view arbitrary files by sending a crafted URL containing /../. Affects HMC V10.3.1050.0; impact is high on confidentiality with no ...
OESA-2025-1115 git security update
Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Git is easy to learn and has a tiny footprint with lightning fast performance. It outclasses SCM tools like Subversion, CVS, Perforce, and...
CVE-2025-1094
A flaw was found in PostgreSQL. Due to improper neutralization of quoting syntax, affected versions potentially allow a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the affected function's result to constru...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to jinja2-3.1.4-py3-none-any.whl (CVE-2024-56326, CVE-2024-56201)
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to jinja2-3.1.4-py3-none-any.whl CVE-2024-56326, CVE-2024-56201. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-56326 DESCRIPTION: Jinja is an extensible...
CVE-2024-36052
RARLAB WinRAR before 7.00, on Windows, allows attackers to spoof the screen output via ANSI escape sequences, a different issue than CVE-2024-33899...
PT-2025-7072
Name of the Vulnerable Software and Affected Versions: @octokit/request-error versions 1.0.0 through 6.1.6 Description: A Regular Expression Denial of Service ReDoS vulnerability exists in the processing of HTTP request headers. By sending an authorization header containing an excessively long...
PT-2025-6726 · Ibm · Ibm Hardware Management Console
Name of the Vulnerable Software and Affected Versions: IBM Power Hardware Management Console version 10.3.1050.0 Description: The issue allows an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to...
CVE-2025-1094: PostgreSQL psql SQL injection (FIXED)
Rapid7 discovered a high-severity SQL injection vulnerability, CVE-2025-1094, affecting the PostgreSQL interactive tool psql. This discovery was made while Rapid7 was performing research into the recent exploitation of CVE-2024-12356 — an unauthenticated remote code execution RCE vulnerability th...