114 matches found
CVE-2025-68430
CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.8.1 through 2.52.0, an attacker with an account on a CVAT instance is able to retrieve the contents of any file system directory accessible to the CVAT server. The exposed information is names of...
CVE-2025-68430
CVE-2025-68430 affects CVAT, an open source video/image annotation tool. Versions 2.8.1 through 2.52.0 permit an account-bearing attacker on a CVAT instance to retrieve the names of files and subdirectories in any file system directory accessible to the CVAT server; contents of files are not expo...
CVE-2025-68430 CVAT vulnerable to directory traversal via mounted share listing
CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.8.1 through 2.52.0, an attacker with an account on a CVAT instance is able to retrieve the contents of any file system directory accessible to the CVAT server. The exposed information is names of...
CVE-2025-68430 CVAT vulnerable to directory traversal via mounted share listing
CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.8.1 through 2.52.0, an attacker with an account on a CVAT instance is able to retrieve the contents of any file system directory accessible to the CVAT server. The exposed information is names of...
CVE-2025-64485
CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.4.0 through 2.48.1, a malicious CVAT user with at least the User global role may create files in the root of the mounted file share, or overwrite existing files. If no file share is mounted, the...
CVE-2025-64485 CVAT: Mounted share file overwrite via crafted request
CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.4.0 through 2.48.1, a malicious CVAT user with at least the User global role may create files in the root of the mounted file share, or overwrite existing files. If no file share is mounted, the...
CVE-2025-64485
CVE-2025-64485 affects CVAT versions 2.4.0–2.48.1. A user with at least the User global role can create files in the root of a mounted file share or overwrite files there; if no share is mounted, files may be created in the import worker container’s share directory, potentially exhausting disk sp...
PT-2025-45521
Name of the Vulnerable Software and Affected Versions CVAT versions 2.4.0 through 2.48.1 Description CVAT is an interactive video and image annotation tool for computer vision. A user with the User global role can potentially create or overwrite files in the root of a mounted file share. If a fil...
EUVD-2024-36567
Malicious code in bioql PyPI...
EUVD-2025-16446
Malicious code in bioql PyPI...
EUVD-2025-3093
Malicious code in bioql PyPI...
EUVD-2024-41455
Malicious code in bioql PyPI...
EUVD-2022-31743
Malicious code in bioql PyPI...
EUVD-2025-28282
Malicious code in bioql PyPI...
EUVD-2024-42295
Malicious code in bioql PyPI...
EUVD-2024-42258
Malicious code in bioql PyPI...
CVE-2025-54573
CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.1.0 through 2.41.0, email verification was not enforced when using Basic HTTP Authentication. As a result, users could create accounts using fake email addresses and use the product as verified...
CVE-2025-54573
CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.1.0 through 2.41.0, email verification was not enforced when using Basic HTTP Authentication. As a result, users could create accounts using fake email addresses and use the product as verified...
CVE-2025-54573 CVAT vulnerable to email verification bypass by use of basic authentication
CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.1.0 through 2.41.0, email verification was not enforced when using Basic HTTP Authentication. As a result, users could create accounts using fake email addresses and use the product as verified...
CVE-2025-54573 CVAT vulnerable to email verification bypass by use of basic authentication
CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.1.0 through 2.41.0, email verification was not enforced when using Basic HTTP Authentication. As a result, users could create accounts using fake email addresses and use the product as verified...