Lucene search
K

12 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-0107

Malicious code in bioql PyPI...

9.8CVSS6.9AI score0.01241EPSS
Exploits3References7
RedhatCVE
RedhatCVE
added 2025/05/23 2:0 a.m.14 views

CVE-2023-47115

Label Studio is an a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting XSS vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website. Executing arbitrary...

7.1CVSS5.4AI score0.01448EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:54 a.m.9 views

CVE-2023-43791

Label Studio is a multi-type data labeling and annotation tool with standardized output format. There is a vulnerability that can be chained within the ORM Leak vulnerability to impersonate any account on Label Studio. An attacker could exploit these vulnerabilities to escalate their privileges...

9.8CVSS7.2AI score0.01241EPSS
Exploits3References1
OSV
OSV
added 2024/01/24 12:15 a.m.13 views

PYSEC-2024-128

Label Studio, an open source data labeling tool had a remote import feature allowed users to import data from a remote web source, that was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could had been abused to download a HTML file that executed malicious...

6.1CVSS6.3AI score0.00592EPSS
Exploits0References4
OSV
OSV
added 2024/01/23 11:15 p.m.29 views

CVE-2024-23633 Label Studio XSS Vulnerability on Data Import

Label Studio, an open source data labeling tool had a remote import feature allowed users to import data from a remote web source, that was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could had been abused to download a HTML file that executed malicious...

4.7CVSS6.3AI score0.00592EPSS
Exploits0References6
Prion
Prion
added 2024/01/23 11:15 p.m.32 views

Cross site scripting

Label Studio is an a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting XSS vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website. Executing arbitrary...

4.9CVSS5.6AI score0.01448EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2023/11/09 3:15 p.m.30 views

CVE-2023-43791

Label Studio is a multi-type data labeling and annotation tool with standardized output format. There is a vulnerability that can be chained within the ORM Leak vulnerability to impersonate any account on Label Studio. An attacker could exploit these vulnerabilities to escalate their privileges...

9.8CVSS0.01241EPSS
Exploits3References4
PyPA
PyPA
added 2023/11/09 3:15 p.m.8 views

PYSEC-2023-274

Label Studio is a multi-type data labeling and annotation tool with standardized output format. There is a vulnerability that can be chained within the ORM Leak vulnerability to impersonate any account on Label Studio. An attacker could exploit these vulnerabilities to escalate their privileges...

9.8CVSS7AI score0.01241EPSS
Exploits3References5Affected Software1
Prion
Prion
added 2023/11/09 3:15 p.m.21 views

Format string

Label Studio is a multi-type data labeling and annotation tool with standardized output format. There is a vulnerability that can be chained within the ORM Leak vulnerability to impersonate any account on Label Studio. An attacker could exploit these vulnerabilities to escalate their privileges...

6.5CVSS7.5AI score0.01241EPSS
Exploits3References4Affected Software1
OSV
OSV
added 2023/11/09 3:15 p.m.11 views

PYSEC-2023-274

Label Studio is a multi-type data labeling and annotation tool with standardized output format. There is a vulnerability that can be chained within the ORM Leak vulnerability to impersonate any account on Label Studio. An attacker could exploit these vulnerabilities to escalate their privileges...

8.8CVSS9.8AI score0.01241EPSS
Exploits3References4
OSV
OSV
added 2023/11/09 2:42 p.m.31 views

CVE-2023-43791 Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens

Label Studio is a multi-type data labeling and annotation tool with standardized output format. There is a vulnerability that can be chained within the ORM Leak vulnerability to impersonate any account on Label Studio. An attacker could exploit these vulnerabilities to escalate their privileges...

9.8CVSS6.9AI score0.01241EPSS
Exploits3References6
CVE
CVE
added 2023/11/09 2:42 p.m.65 views

CVE-2023-43791

Label Studio (before 1.8.2) is affected by an ORM Leak chain that can impersonate any account, enabling privilege escalation to a Django Super Administrator. A patch was introduced in 1.8.2. Public references describe a hard-coded SECRET_KEY vulnerability and a follow-on exploit path that leverag...

9.8CVSS9.6AI score0.01241EPSS
Exploits3References4Affected Software1
Rows per page
Query Builder