Lucene search
K

179 matches found

EUVD
EUVD
added 2026/01/12 5:47 p.m.6 views

EUVD-2026-1921

Label Studio is a multi-type data labeling and annotation tool. In 1.22.0 and earlier, a persistent stored cross-site scripting XSS vulnerability exists in the customhotkeys functionality of the application. An authenticated attacker or one who can trick a user/administrator into updating their...

8.6CVSS5.2AI score0.00207EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/01/12 5:47 p.m.6 views

CVE-2026-22033 Label Studio vulnerable to full account takeover by chaining Stored XSS + IDOR in User Profile via custom_hotkeys field

Label Studio is a multi-type data labeling and annotation tool. In 1.22.0 and earlier, a persistent stored cross-site scripting XSS vulnerability exists in the customhotkeys functionality of the application. An authenticated attacker or one who can trick a user/administrator into updating their...

8.6CVSS5.3AI score0.00207EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/01/12 5:47 p.m.25 views

CVE-2026-22033 Label Studio vulnerable to full account takeover by chaining Stored XSS + IDOR in User Profile via custom_hotkeys field

Label Studio is a multi-type data labeling and annotation tool. In 1.22.0 and earlier, a persistent stored cross-site scripting XSS vulnerability exists in the customhotkeys functionality of the application. An authenticated attacker or one who can trick a user/administrator into updating their...

8.6CVSS0.00207EPSS
Exploits1References3
CVE
CVE
added 2026/01/12 5:47 p.m.37 views

CVE-2026-22033

Label Studio (1.22.0 and earlier) is affected by a persistent stored XSS in the custom_hotkeys field. An authenticated attacker (or one who can trick a user into updating custom_hotkeys) can inject JavaScript that runs in other users’ browsers when loading pages using templates/base.html. The app...

8.6CVSS5.3AI score0.00207EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/01/12 4:12 p.m.9 views

GHSA-2MQ9-HM29-8QCH Label Studio is vulnerable to full account takeover by chaining Stored XSS + IDOR in User Profile via custom_hotkeys field

Prologue These vulnerabilities have been found and chained by DCODX-AI. Validation of the exploit chain has been confirmed manually. Summary A persistent stored cross-site scripting XSS vulnerability exists in the customhotkeys functionality of the application. An authenticated attacker or one wh...

8.6CVSS6.3AI score0.00207EPSS
Exploits1References6
vulnersOsv
vulnersOsv
added 2026/01/12 4:12 p.m.7 views

rm-gallery (>=0.1.0 <=0.1.2) potentially affected by CVE-2026-22033 via label-studio (=1.17.0)

label-studio PYPI version =1.17.0 is affected by a known vulnerability. The following packages have a transitive dependency on label-studio and may be impacted: - rm-gallery =0.1.0, =0.1.2 Source cves: CVE-2026-22033 Source advisory: OSV:GHSA-2MQ9-HM29-8QCH...

8.6CVSS5.8AI score0.00207EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/01/12 4:12 p.m.5 views

rm-gallery (>=0.1.0 <=0.1.2) potentially affected by CVE-2026-22033 via label-studio (=1.17.0)

label-studio PYPI version =1.17.0 is affected by a known vulnerability. The following packages have a transitive dependency on label-studio and may be impacted: - rm-gallery =0.1.0, =0.1.2 Source cves: CVE-2026-22033 Source advisory: SNYK:PYTHON-LABELSTUDIO-14914483...

8.6CVSS5.8AI score0.00207EPSS
Exploits1
Snyk
Snyk
added 2026/01/12 4:12 p.m.2 views

Cross-site Scripting (XSS)

Overview label-studio is a Label Studio annotation tool Affected versions of this package are vulnerable to Cross-site Scripting XSS via the customhotkeys process. An attacker can execute arbitrary JavaScript in the context of another user's browser and gain unauthorized access to sensitive API...

8.6CVSS5.8AI score0.00207EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/01/12 12:0 a.m.5 views

Label Studio 访问控制错误漏洞

Label Studio is an open source data labeling tool from Heartex Open Source. Allows you to use a simple and clear UI mark audio, text, images, video and time series and other data types , and exported to a variety of model formats. An access control error vulnerability exists in Label Studio 1.22....

8.6CVSS5.7AI score0.00207EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/01/12 12:0 a.m.9 views

PT-2026-2287

Name of the Vulnerable Software and Affected Versions Label Studio versions prior to 1.22.0 Description Label Studio is a multi-type data labeling and annotation tool. A persistent stored cross-site scripting XSS issue exists in the custom hotkeys functionality. An authenticated attacker, or...

8.6CVSS5.8AI score0.00207EPSS
Exploits1References17
Snyk
Snyk
added 2025/12/02 6:35 a.m.3 views

Missing Authorization

Overview label-studio-sso is a Native JWT authentication for Label Studio OSS - simple and secure SSO integration Affected versions of this package are vulnerable to Missing Authorization due to missing validation in the SSO token API. The API does not restrict account creation to pre-registered...

5.4CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2025/12/02 6:35 a.m.3 views

Cross-site Request Forgery (CSRF)

Overview label-studio-sso is a Native JWT authentication for Label Studio OSS - simple and secure SSO integration Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF due to an improper exemption in the JWTSSOSessionAuthentication mechanism that disables CSRF token...

5.1CVSS6.8AI score
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-0544

Malicious code in bioql PyPI...

6.1CVSS4.8AI score0.02199EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-0084

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.00592EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.18 views

EUVD-2024-0083

Malicious code in bioql PyPI...

5.3CVSS5.4AI score0.00737EPSS
Exploits1References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-0107

Malicious code in bioql PyPI...

9.8CVSS6.9AI score0.01241EPSS
Exploits3References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-4107

Malicious code in bioql PyPI...

8.6CVSS6.3AI score0.00617EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-4106

Malicious code in bioql PyPI...

6.1CVSS6.3AI score0.01778EPSS
Exploits2References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.12 views

EUVD-2025-16264

Malicious code in bioql PyPI...

7.8CVSS5.5AI score0.00188EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-4105

Malicious code in bioql PyPI...

8.7CVSS6.3AI score0.00708EPSS
Exploits0References3
Rows per page
Query Builder