2190 matches found

RedhatCVE
added 2025/08/02 8:23 p.m. · 3 views

CVE-2025-54573

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.1.0 through 2.41.0, email verification was not enforced when using Basic HTTP Authentication. As a result, users could create accounts using fake email addresses and use the product as verified...

6.5 CVSS · 6.3 AI score · 0.00154 EPSS
Exploits 0 · References 1
NVD
added 2025/07/30 3:15 p.m. · 9 views

CVE-2025-54573

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.1.0 through 2.41.0, email verification was not enforced when using Basic HTTP Authentication. As a result, users could create accounts using fake email addresses and use the product as verified...

6.5 CVSS · 0.00154 EPSS
Exploits 0 · References 2
Vulnrichment
added 2025/07/30 2:32 p.m. · 14 views

CVE-2025-54573 CVAT vulnerable to email verification bypass by use of basic authentication

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.1.0 through 2.41.0, email verification was not enforced when using Basic HTTP Authentication. As a result, users could create accounts using fake email addresses and use the product as verified...

4.3 CVSS · 7.1 AI score · 0.00154 EPSS
Exploits 0 · References 2
OSV
added 2025/07/30 2:32 p.m. · 4 views

CVE-2025-54573 CVAT vulnerable to email verification bypass by use of basic authentication

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.1.0 through 2.41.0, email verification was not enforced when using Basic HTTP Authentication. As a result, users could create accounts using fake email addresses and use the product as verified...

4.3 CVSS · 6.8 AI score · 0.00154 EPSS
Exploits 0 · References 4
CVE
added 2025/07/30 2:32 p.m. · 21 views

CVE-2025-54573

CVAT (open-source tool for video/image annotation) is affected in versions 1.1.0 through 2.41.0 due to email verification not being enforced when using Basic HTTP Authentication. This allows account creation with fake emails and potential bot signups, treating users as verified. The issue is addr...

6.5 CVSS · 6.6 AI score · 0.00154 EPSS
Exploits 0 · References 2 · Affected Software 1
CNNVD
added 2025/07/30 12:00 a.m. · 1 view

Dedupe Python Library operating system command injection vulnerability

Dedupe Python Library is an open source Python library for accurate and scalable fuzzy matching, de-duplication from Dedupe.io. Dedupe Python Library suffers from an operating system command injection vulnerability that stems from issuecomment triggering the execution of untrusted code in the...

9.1 CVSS · 7.5 AI score · 0.00307 EPSS
Exploits 0 · References 2
CNNVD
added 2025/07/30 12:00 a.m. · 2 views

CVAT.ai CVAT authorization issue vulnerability

CVAT.ai CVAT is an open source data processing tool from CVAT.ai. An authorization issue vulnerability exists in CVAT.ai CVAT versions 1.1.0 to 2.41.0, which stems from not enforcing email validation, and could lead to account creation and bot registration using a fake email address...

6.5 CVSS · 6.6 AI score · 0.00154 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/07/30 12:00 a.m. · 5 views

PT-2025-31394 · Cvat · Cvat

Name of the Vulnerable Software and Affected Versions: CVAT versions 1.1.0 through 2.41.0 Description: CVAT is an open source interactive video and image annotation tool for computer vision. Email verification was not enforced when using Basic HTTP Authentication in versions 1.1.0 through 2.41.0,...

4.3 CVSS · 6.5 AI score · 0.00154 EPSS
Exploits 0 · References 7
RedhatCVE
added 2025/07/23 12:57 a.m. · 4 views

CVE-2025-51396

A stored cross-site scripting (XSS) vulnerability in Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Telegram Bot Username parameter...

5.4 CVSS · 5.8 AI score · 0.00568 EPSS
Exploits 4 · References 1
Exploit DB
added 2025/07/22 12:00 a.m. · 261 views

LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Telegram Bot Username

Exploit Title: LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Telegram Bot Username Date: 09/06/2025 Exploit Author: Manojkumar J TheWhiteEvil Linkedin: https://www.linkedin.com/in/manojkumar-j-7ba35b202/ Vendor Homepage: https://github.com/LiveHelperChat/livehelperchat/ Software Link:...

5.4 CVSS · 7.4 AI score · 0.00568 EPSS
Exploits 4
NVD
added 2025/07/21 7:15 p.m. · 5 views

CVE-2025-51396

A stored cross-site scripting (XSS) vulnerability in Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Telegram Bot Username parameter...

5.4 CVSS · 0.00568 EPSS
Exploits 4 · References 3
OSV
added 2025/07/21 7:15 p.m. · 4 views

CVE-2025-51396

A stored cross-site scripting (XSS) vulnerability in Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Telegram Bot Username parameter...

5.4 CVSS · 5.1 AI score · 0.00568 EPSS
Exploits 4 · References 3
Akamai Blog
added 2025/07/21 6:00 a.m. · 5 views

How Search Engines, LLMs, and Third-Party Scrapers Affect Bot Management

...

7.3 AI score
Exploits 0
CNNVD
added 2025/07/21 12:00 a.m. · 1 view

Live Helper Chat security vulnerability

Live Helper Chat is an open source plugin that supports online chat by an individual developer Live Helper Chat. Provides chat functionality for web platforms. A security vulnerability exists in Live Helper Chat version v4.60, which stems from insufficient validation of Telegram Bot Username...

5.4 CVSS · 5.7 AI score · 0.00568 EPSS
Exploits 4 · References 6
Packet Storm
added 2025/07/21 12:00 a.m. · 110 views

LiveHelperChat 4.6.1 Cross Site Scripting

LiveHelperChat versions 4.61 and below suffer from multiple persistent cross site scripting vulnerabilities. Exploit Title: LiveHelperChat Live Help Configuration Telegram Bot. 3. In the Bot Username field, enter the following payload: " 4. Save the settings. 5. Revisit the Telegram configuration...

6.5 CVSS · 6.8 AI score · 0.0082 EPSS
Exploits 19
Cvelist
added 2025/07/21 12:00 a.m. · 10 views

CVE-2025-51396

A stored cross-site scripting (XSS) vulnerability in Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Telegram Bot Username parameter...

0.00568 EPSS
Exploits 4 · References 3
Vulnrichment
added 2025/07/21 12:00 a.m. · 3 views

CVE-2025-51396

A stored cross-site scripting (XSS) vulnerability in Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Telegram Bot Username parameter...

5.3 AI score · 0.00568 EPSS
Exploits 4 · References 3
Positive Technologies
added 2025/07/21 12:00 a.m. · 3 views

PT-2025-30330 · Unknown · Livehelperchat

Name of the Vulnerable Software and Affected Versions: Live Helper Chat version 4.60 Description: A stored cross-site scripting (XSS) vulnerability exists in Live Helper Chat version 4.60. This allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Telegra...

5.4 CVSS · 5.5 AI score · 0.00568 EPSS
Exploits 4 · References 6
OSSF Malicious Packages
added 2025/07/19 10:01 p.m. · 3 views

Malicious code in aphorism-lib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 95f15b2b497431703ff51667a4055e8172f9202aeeea0f725b0b0550812f3299 Importing the module starts a telegram bot that connects to a chat and executes provided commands --- Category: MALICIOUS - The campaign has clearly malicious...

7.6 AI score
Exploits 0 · References 1
OSV
added 2025/07/19 10:01 p.m. · 3 views

MAL-2025-191683 Malicious code in aphorism-lib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 95f15b2b497431703ff51667a4055e8172f9202aeeea0f725b0b0550812f3299 Importing the module starts a telegram bot that connects to a chat and executes provided commands --- Category: MALICIOUS - The campaign has clearly malicious...

7.5 AI score
Exploits 0 · References 1