Lucene search
K

114 matches found

NVD
NVD
added 2025/12/19 6:15 p.m.7 views

CVE-2025-68430

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.8.1 through 2.52.0, an attacker with an account on a CVAT instance is able to retrieve the contents of any file system directory accessible to the CVAT server. The exposed information is names of...

5.3CVSS0.0024EPSS
Exploits0References2
CVE
CVE
added 2025/12/19 5:11 p.m.16 views

CVE-2025-68430

CVE-2025-68430 affects CVAT, an open source video/image annotation tool. Versions 2.8.1 through 2.52.0 permit an account-bearing attacker on a CVAT instance to retrieve the names of files and subdirectories in any file system directory accessible to the CVAT server; contents of files are not expo...

5.3CVSS6.2AI score0.0024EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/12/19 5:11 p.m.20 views

CVE-2025-68430 CVAT vulnerable to directory traversal via mounted share listing

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.8.1 through 2.52.0, an attacker with an account on a CVAT instance is able to retrieve the contents of any file system directory accessible to the CVAT server. The exposed information is names of...

5.3CVSS0.0024EPSS
Exploits0References2
OSV
OSV
added 2025/12/19 5:11 p.m.5 views

CVE-2025-68430 CVAT vulnerable to directory traversal via mounted share listing

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.8.1 through 2.52.0, an attacker with an account on a CVAT instance is able to retrieve the contents of any file system directory accessible to the CVAT server. The exposed information is names of...

5.3CVSS6.5AI score0.0024EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/11/10 5:22 a.m.5 views

CVE-2025-64485

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.4.0 through 2.48.1, a malicious CVAT user with at least the User global role may create files in the root of the mounted file share, or overwrite existing files. If no file share is mounted, the...

5.3CVSS6.7AI score0.00352EPSS
Exploits0References1
OSV
OSV
added 2025/11/07 11:21 p.m.5 views

CVE-2025-64485 CVAT: Mounted share file overwrite via crafted request

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.4.0 through 2.48.1, a malicious CVAT user with at least the User global role may create files in the root of the mounted file share, or overwrite existing files. If no file share is mounted, the...

5.3CVSS6.7AI score0.00352EPSS
Exploits0References4
CVE
CVE
added 2025/11/07 11:21 p.m.11 views

CVE-2025-64485

CVE-2025-64485 affects CVAT versions 2.4.0–2.48.1. A user with at least the User global role can create files in the root of a mounted file share or overwrite files there; if no share is mounted, files may be created in the import worker container’s share directory, potentially exhausting disk sp...

5.3CVSS6.3AI score0.00352EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/07 12:0 a.m.5 views

PT-2025-45521

Name of the Vulnerable Software and Affected Versions CVAT versions 2.4.0 through 2.48.1 Description CVAT is an interactive video and image annotation tool for computer vision. A user with the User global role can potentially create or overwrite files in the root of a mounted file share. If a fil...

5.3CVSS6.7AI score0.00352EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-36567

Malicious code in bioql PyPI...

7.1CVSS6.6AI score0.00206EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-16446

Malicious code in bioql PyPI...

5.3CVSS6.5AI score0.00244EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-3093

Malicious code in bioql PyPI...

9.8CVSS6.5AI score0.00483EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-41455

Malicious code in bioql PyPI...

6.4CVSS6.6AI score0.00242EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-31743

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00453EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-28282

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00255EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-42295

Malicious code in bioql PyPI...

5.4CVSS6.6AI score0.00262EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-42258

Malicious code in bioql PyPI...

6.3CVSS6.6AI score0.00293EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/02 8:23 p.m.5 views

CVE-2025-54573

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.1.0 through 2.41.0, email verification was not enforced when using Basic HTTP Authentication. As a result, users could create accounts using fake email addresses and use the product as verified...

6.5CVSS6.3AI score0.00268EPSS
Exploits0References1
NVD
NVD
added 2025/07/30 3:15 p.m.16 views

CVE-2025-54573

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.1.0 through 2.41.0, email verification was not enforced when using Basic HTTP Authentication. As a result, users could create accounts using fake email addresses and use the product as verified...

6.5CVSS0.00268EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/07/30 2:32 p.m.11 views

CVE-2025-54573 CVAT vulnerable to email verification bypass by use of basic authentication

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.1.0 through 2.41.0, email verification was not enforced when using Basic HTTP Authentication. As a result, users could create accounts using fake email addresses and use the product as verified...

4.3CVSS0.00268EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/07/30 2:32 p.m.16 views

CVE-2025-54573 CVAT vulnerable to email verification bypass by use of basic authentication

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.1.0 through 2.41.0, email verification was not enforced when using Basic HTTP Authentication. As a result, users could create accounts using fake email addresses and use the product as verified...

4.3CVSS7.1AI score0.00268EPSS
Exploits0References2
Rows per page
Query Builder