CVE-2026-23516

CVAT (open-source annotation tool) is affected in versions 2.2.0–2.54.0 by an XSS-like vulnerability that lets an attacker execute arbitrary JavaScript in a victim user’s CVAT UI session. The attack requires the attacker to create a malicious label or an SVG in a skeleton configuration and coerce...

CVE-2026-23516

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.2.0 through 2.54.0, an attacker is able to execute arbitrary JavaScript in a victim user's CVAT UI session, provided that they are able to create a maliciously crafted label in a CVAT task or...

CVE-2026-23516 CVAT vulnerable to XSS via skeleton SVG images

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.2.0 through 2.54.0, an attacker is able to execute arbitrary JavaScript in a victim user's CVAT UI session, provided that they are able to create a maliciously crafted label in a CVAT task or...

PT-2026-3868

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.2.0 through 2.54.0, an attacker is able to execute arbitrary JavaScript in a victim user's CVAT UI session, provided that they are able to create a maliciously crafted label in a CVAT task or...

Linux Distros Unpatched Vulnerability : CVE-2024-2818

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16....

GO-2022-0959 Network Policies & (Clusterwide) Cilium Network Policies with namespace label selectors may unexpectedly select pods with maliciously crafted labels in github.com/cilium/cilium

Network Policies & Clusterwide Cilium Network Policies with namespace label selectors may unexpectedly select pods with maliciously crafted labels in github.com/cilium/cilium...