Snyk
added 2025/02/14 5:41 p.m., 2 views

Directory Traversal

Overview: label-studio is the Label Studio annotation tool. Affected versions of this package are vulnerable to Directory Traversal via the download function due to improper input validation when processing image references during task exports. An attacker can access files outside the intended...

CVSS 8.7, AI score 7.7, EPSS 0.00708
Exploits: 0, References: 2

NVD
added 2025/02/14 5:15 p.m., 22 views

CVE-2025-25295

Label Studio is an open source data labeling tool. A path traversal vulnerability in Label Studio SDK versions prior to 1.0.10 allows unauthorized file access outside the intended directory structure. The flaw exists in the VOC, COCO and YOLO export functionalities. These functions invoke a...

CVSS 8.7, EPSS 0.00708
Exploits: 0, References: 2

OSV
added 2025/02/14 4:50 p.m., 12 views

CVE-2025-25295 Label Studio has a Path Traversal Vulnerability via image Field

Label Studio is an open source data labeling tool. A path traversal vulnerability in Label Studio SDK versions prior to 1.0.10 allows unauthorized file access outside the intended directory structure. The flaw exists in the VOC, COCO and YOLO export functionalities. These functions invoke a...

CVSS 8.7, AI score 6.2, EPSS 0.00708
Exploits: 0, References: 4

Cvelist
added 2025/02/14 4:50 p.m., 25 views

CVE-2025-25295 Label Studio has a Path Traversal Vulnerability via image Field

Label Studio is an open source data labeling tool. A path traversal vulnerability in Label Studio SDK versions prior to 1.0.10 allows unauthorized file access outside the intended directory structure. The flaw exists in the VOC, COCO and YOLO export functionalities. These functions invoke a...

CVSS 8.7, EPSS 0.00708
Exploits: 0, References: 2

CVE
added 2025/02/14 4:50 p.m., 73 views

CVE-2025-25295

Summary: CVE-2025-25295 affects Label Studio and its SDK with a path traversal vulnerability in VOC/COCO/YOLO exports. The root cause is improper file path validation in the label-studio-sdk download function, which processes image references during task exports and can read arbitrary server file...

CVSS 8.7, AI score 6.3, EPSS 0.00708
Exploits: 0, References: 2

Vulnrichment
added 2025/02/14 4:50 p.m., 12 views

CVE-2025-25295 Label Studio has a Path Traversal Vulnerability via image Field

Label Studio is an open source data labeling tool. A path traversal vulnerability in Label Studio SDK versions prior to 1.0.10 allows unauthorized file access outside the intended directory structure. The flaw exists in the VOC, COCO and YOLO export functionalities. These functions invoke a...

CVSS 8.7, AI score 5.9, EPSS 0.00708
Exploits: 0, References: 2

Github Security Blog
added 2025/02/14 3:16 p.m., 14 views

Label Studio has a Path Traversal Vulnerability via image Field

Description A path traversal vulnerability in Label Studio SDK versions prior to 1.0.10 allows unauthorized file access outside the intended directory structure. Label Studio versions before 1.16.0 specified SDK versions prior to 1.0.10 as dependencies, and the issue was confirmed in Label Studio...

CVSS 8.7, AI score 6.5, EPSS 0.00708
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2025/02/14 3:16 p.m., 17 views

GHSA-RGV9-W7JP-M23G Label Studio has a Path Traversal Vulnerability via image Field

Description A path traversal vulnerability in Label Studio SDK versions prior to 1.0.10 allows unauthorized file access outside the intended directory structure. Label Studio versions before 1.16.0 specified SDK versions prior to 1.0.10 as dependencies, and the issue was confirmed in Label Studio...

CVSS 8.7, AI score 6.1, EPSS 0.00708
Exploits: 0, References: 4

NVD
added 2025/02/14 3:15 p.m., 6 views

CVE-2024-56477

IBM Power Hardware Management Console V10.3.1050.0 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

CVSS 6.5, EPSS 0.0047
Exploits: 0, References: 1

OSV
added 2025/02/14 3:15 p.m., 2 views

CVE-2024-56477

IBM Power Hardware Management Console V10.3.1050.0 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

CVSS 6.5, AI score 5.9, EPSS 0.0047
Exploits: 0, References: 1

Vulnrichment
added 2025/02/14 2:49 p.m., 10 views

CVE-2024-56477 IBM Power Hardware Management Console directory traversal

IBM Power Hardware Management Console V10.3.1050.0 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

CVSS 6.5, AI score 6.6, EPSS 0.0047
Exploits: 0, References: 1

Cvelist
added 2025/02/14 2:49 p.m., 11 views

CVE-2024-56477 IBM Power Hardware Management Console directory traversal

IBM Power Hardware Management Console V10.3.1050.0 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

CVSS 6.5, EPSS 0.0047
Exploits: 0, References: 1

CVE
added 2025/02/14 2:49 p.m., 46 views

CVE-2024-56477

IBM Power Hardware Management Console (Power HMC) v10.3.1050.0 is affected by CVE-2024-56477, a path traversal (CWE-22) vulnerability where an authenticated user can view arbitrary files by sending a crafted URL containing /../. Affects HMC V10.3.1050.0; impact is high on confidentiality with no ...

CVSS 6.5, AI score 6.3, EPSS 0.0047
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2025/02/14 12:12 p.m., 3 views

OESA-2025-1115 git security update

Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Git is easy to learn and has a tiny footprint with lightning fast performance. It outclasses SCM tools like Subversion, CVS, Perforce, and...

CVSS 8.8, AI score 7.1, EPSS 0.00494
Exploits: 1, References: 2

RedhatCVE
added 2025/02/14 7:25 a.m., 14 views

CVE-2025-1094

A flaw was found in PostgreSQL. Due to improper neutralization of quoting syntax, affected versions potentially allow a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the affected function's result to constru...

CVSS 8.1, AI score 8.6, EPSS 0.89472
Exploits: 14, References: 6

IBM Security Bulletins
added 2025/02/14 6:34 a.m., 9 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to jinja2-3.1.4-py3-none-any.whl (CVE-2024-56326, CVE-2024-56201)

Summary: IBM Maximo Application Suite - Monitor Component is vulnerable to jinja2-3.1.4-py3-none-any.whl (CVE-2024-56326, CVE-2024-56201). This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2024-56326. DESCRIPTION: Jinja is an extensible...

CVSS 8.8, AI score 7.1, EPSS 0.005
Exploits: 0, Affected Software: 1

RedhatCVE
added 2025/02/14 4:44 a.m., 8 views

CVE-2024-36052

RARLAB WinRAR before 7.00, on Windows, allows attackers to spoof the screen output via ANSI escape sequences, a different issue than CVE-2024-33899...

CVSS 7.5, AI score 6.5, EPSS 0.00817
Exploits: 2, References: 1
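
The WinRAR entry above is the general case of a program echoing attacker-controlled names (archive members, filenames, log fields) to a terminal: a name that embeds ESC sequences can erase or overwrite what the user just read, and a Unicode format character such as U+202E can reorder it. The block below is an added example written for this page, not WinRAR's code or any fix from the listed advisories. The regex, the sample names and the `render_listing` output format are constructed; it strips whole escape sequences and renders any leftover control or format character visibly so the operator can see that a name was tampered with.

```python
import re
import unicodedata

# Constructed pattern for the escape sequences a terminal acts on: CSI (cursor movement,
# line erase, colours), OSC (hyperlinks, window title), the remaining two-byte ESC
# sequences, and the 8-bit CSI introducer. Illustration only; it is not WinRAR's code.
_ESCAPE_SEQ_RE = re.compile(
    r"\x1b\[[0-?]*[ -/]*[@-~]"             # CSI: ESC [ params intermediates final-byte
    r"|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)"  # OSC: ESC ] ... terminated by BEL or ESC \
    r"|\x1b[@-Z\\-_]"                      # other Fe sequences (ESC followed by 0x40-0x5F)
    r"|\x9b[0-?]*[ -/]*[@-~]"              # 8-bit CSI introducer (U+009B)
)


def contains_escape_sequences(name: str) -> bool:
    """True if the string carries anything a terminal would interpret rather than print."""
    return _ESCAPE_SEQ_RE.search(name) is not None or any(
        unicodedata.category(ch) in ("Cc", "Cf") for ch in name
    )


def sanitize_for_terminal(name: str) -> str:
    """Return a rendering of `name` that cannot move the cursor, erase text or reorder it.

    Whole escape sequences are dropped. Any remaining control character (category Cc,
    which includes a lone ESC that did not form a known sequence) or format character
    (category Cf, e.g. U+202E RIGHT-TO-LEFT OVERRIDE, which makes a name ending in
    "gnp.exe" display as "exe.png") is shown as a \\x.. or \\u.... escape instead.
    """
    stripped = _ESCAPE_SEQ_RE.sub("", name)
    out = []
    for ch in stripped:
        if unicodedata.category(ch) in ("Cc", "Cf"):
            code = ord(ch)
            out.append(f"\\x{code:02x}" if code < 0x100 else f"\\u{code:04x}")
        else:
            out.append(ch)
    return "".join(out)


def render_listing(names):
    """Archive-listing style output: one sanitized name per line, flagged if altered."""
    lines = []
    for name in names:
        safe = sanitize_for_terminal(name)
        flag = "  [!] control/escape data removed" if safe != name else ""
        lines.append(safe + flag)
    return lines


# Constructed sample entries such as an archive listing would print; not real files.
SAMPLE_NAMES = [
    "report.pdf",
    # CSI "2K" erases the current line and "1A" moves the cursor up one line, so a naive
    # listing would print the next entry over the top of "report.pdf".
    "invoice.exe\x1b[2K\x1b[1A",
    "photo\u202egnp.exe",
    "notes\x1b]8;;http://example.invalid\x07.txt",
]

if __name__ == "__main__":
    for line in render_listing(SAMPLE_NAMES):
        print(line)
```

Stripping is only safe for display; when the name is later used to create a file, keep the original bytes and apply the filesystem's own rules instead, since a name that is harmless on screen may still be a path traversal on disk.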

Positive Technologies
added 2025/02/14 12:00 a.m., 2 views

PT-2025-7072

Name of the Vulnerable Software and Affected Versions: @octokit/request-error versions 1.0.0 through 6.1.6. Description: A Regular Expression Denial of Service (ReDoS) vulnerability exists in the processing of HTTP request headers. By sending an authorization header containing an excessively long...

CVSS 5.3, AI score 6.5, EPSS 0.0058
Exploits: 0, References: 12
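
The @octokit/request-error entry above describes ReDoS in header handling: a pattern whose matching time grows exponentially with the header length lets a single oversized Authorization header tie up a worker. The block below is an added example written for this page; the regex is a constructed backtracking-prone pattern, not the one from @octokit/request-error, and `MAX_AUTH_HEADER_LEN` and the accepted schemes are assumptions for the demonstration. It puts the slow pattern beside a linear-time parser with an explicit length cap, which is the shape of the usual fix.

```python
import re
import time
from typing import Optional, Tuple

# CONSTRUCTED backtracking-prone header pattern; not the regex from @octokit/request-error.
# The nested quantifier (?:\w+\s?)* lets the engine re-split one run of word characters
# into 2^(n-1) groupings before it concedes that the trailing "!" can never match.
VULNERABLE_AUTH_RE = re.compile(r"^(?:Bearer|token)\s+(?:\w+\s?)*$", re.IGNORECASE)

# Cap chosen for the example; in practice derive it from the server's header size limits.
MAX_AUTH_HEADER_LEN = 1024


def auth_header_is_valid_vulnerable(header: str) -> bool:
    """Validation with the backtracking-prone pattern: right answers, unbounded time."""
    return VULNERABLE_AUTH_RE.match(header) is not None


def parse_auth_header_safe(header: str) -> Optional[Tuple[str, str]]:
    """Split "Scheme credential" in one linear pass behind an explicit length cap.

    Returns (scheme, credential) or None. Accepts the same well-formed headers as the
    regex above (scheme, a space, word characters optionally space-separated), but:
      1. oversized headers are rejected before any parsing happens;
      2. no regex is involved, so there is no backtracking; each character is examined once.
    """
    if len(header) > MAX_AUTH_HEADER_LEN:
        return None
    scheme, _, rest = header.strip().partition(" ")
    if scheme.lower() not in ("bearer", "token"):
        return None
    credential = rest.strip()
    if not credential:
        return None
    # Same character set as \w (letters, digits, underscore) plus the single-space
    # separators the regex tolerates; anything else, such as "!", is rejected.
    for ch in credential:
        if not (ch.isalnum() or ch == "_" or ch == " "):
            return None
    return scheme.lower(), credential


def time_vulnerable_check(n: int) -> float:
    """Seconds the regex needs to reject a constructed header of n word characters
    followed by "!". Roughly doubles per extra character, so keep n small."""
    header = "Bearer " + "a" * n + "!"
    start = time.perf_counter()
    auth_header_is_valid_vulnerable(header)
    return time.perf_counter() - start


if __name__ == "__main__":
    for n in (10, 14, 18):
        print(f"n={n:2d}  regex rejection took {time_vulnerable_check(n):.3f}s")
    # The linear parser rejects a 100k-character payload immediately.
    print(parse_auth_header_safe("Bearer " + "a" * 100_000 + "!"))
```

Run the block directly to watch the regex timings climb with n; the safe parser returns `None` for the same payload regardless of length, because the cap and the single-pass scan bound the work by the header size.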

Positive Technologies
added 2025/02/14 12:00 a.m., 3 views

PT-2025-6726 · Ibm · Ibm Hardware Management Console

Name of the Vulnerable Software and Affected Versions: IBM Power Hardware Management Console version 10.3.1050.0. Description: The issue allows an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to...

CVSS 6.5, AI score 6.8, EPSS 0.0047
Exploits: 0, References: 7
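
The Label Studio SDK entries (CVE-2025-25295, an image reference processed by the export download function) and the Power HMC entries (CVE-2024-56477, "/../" in a URL) are the same defect class: an attacker-influenced path is joined to a base directory and nothing checks that the result stays inside it. The block below is an added example written for this page, not code from Label Studio, IBM, or any listed advisory. The root directory, the constructed image references and the helper names are assumptions. It shows a containment check that percent-decodes, rejects absolute paths, resolves symlinks on both sides and compares with `os.path.commonpath` rather than a string prefix, plus a self-check that builds a scratch root with an escaping symlink.

```python
import os
import tempfile
from typing import Dict, Optional
from urllib.parse import unquote


class PathTraversalError(ValueError):
    """Raised when a requested path would resolve outside the allowed root."""


def resolve_within(root: str, requested: str) -> str:
    """Return the absolute filesystem path for `requested`, or raise if it leaves `root`.

    `root` is the directory an export or a file-serving URL handler may read from;
    `requested` is attacker-influenced (a task's image reference, a URL path segment).
    Each step closes a bypass of the naive os.path.join(root, requested):
      1. percent-decode once, so "..%2f" is judged as "../" (assumes the caller has not
         already decoded; decoding twice would mangle legitimate names containing "%");
      2. reject absolute paths, which os.path.join would return unchanged;
      3. realpath both sides so ".." and symlinks are resolved before the comparison;
      4. compare with os.path.commonpath, not str.startswith: a prefix test accepts
         "/srv/exports_evil/x" for root "/srv/exports".
    """
    root_real = os.path.realpath(root)
    decoded = unquote(requested)
    if os.path.isabs(decoded):
        raise PathTraversalError(f"absolute path rejected: {requested!r}")
    candidate = os.path.realpath(os.path.join(root_real, decoded))
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise PathTraversalError(f"{requested!r} resolves outside {root_real}")
    return candidate


def is_safe_reference(root: str, requested: str) -> bool:
    """Boolean form of resolve_within for callers that only need accept/reject."""
    try:
        resolve_within(root, requested)
        return True
    except PathTraversalError:
        return False


# Constructed image references of the kind an export would receive, with the verdict
# a correct check must give; they are not taken from any advisory.
CONSTRUCTED_REFERENCES = {
    "images/cat.jpg": True,                # plain relative path inside the root
    "./images/../images/cat.jpg": True,    # ".." that stays inside the root is fine
    "../../etc/passwd": False,             # classic dot-dot escape
    "..%2f..%2fetc%2fpasswd": False,       # percent-encoded separators
    "/etc/passwd": False,                  # absolute path
    "../exports_evil/x.png": False,        # sibling directory sharing the root's prefix
    "images/escape/secret.txt": False,     # symlink inside the root pointing outside it
}


def check_constructed_references(root: Optional[str] = None) -> Dict[str, bool]:
    """Create a scratch export root holding a real file and a symlink to the parent
    directory, then return {reference: accepted?} for every constructed reference."""
    root = root or tempfile.mkdtemp(prefix="exports-")
    os.makedirs(os.path.join(root, "images"), exist_ok=True)
    with open(os.path.join(root, "images", "cat.jpg"), "wb"):
        pass
    link = os.path.join(root, "images", "escape")
    if not os.path.lexists(link):
        os.symlink(os.path.dirname(os.path.realpath(root)), link)  # points at root's parent
    return {ref: is_safe_reference(root, ref) for ref in CONSTRUCTED_REFERENCES}


if __name__ == "__main__":
    for ref, accepted in check_constructed_references().items():
        expected = CONSTRUCTED_REFERENCES[ref]
        print(f"{'OK ' if accepted == expected else 'BUG'} {ref!r:36} accepted={accepted}")
```

The symlink case matters for export code in particular: even a correct textual check passes "images/escape/secret.txt", so the comparison has to run on the resolved path, and with a root of "/" the check degenerates to accepting everything, so never serve from the filesystem root.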

Rapid7 Blog
added 2025/02/13 3:07 p.m., 90 views

CVE-2025-1094: PostgreSQL psql SQL injection (FIXED)

Rapid7 discovered a high-severity SQL injection vulnerability, CVE-2025-1094, affecting the PostgreSQL interactive tool psql. This discovery was made while Rapid7 was performing research into the recent exploitation of CVE-2024-12356 — an unauthenticated remote code execution (RCE) vulnerability th...

CVSS 9.8, AI score 9.2, EPSS 0.89472
Exploits: 14