5 matches found
CVE-2025-49135
CVAT is an open source interactive video and image annotation tool for computer vision. Versions 2.2.0 through 2.39.0 have no validation during the import process of a project or task backup to check that the filename specified in the query parameter refers to a TUS-uploaded file belonging to the...
CVE-2025-49135 CVAT missing validation for in-progress backup upload names
CVAT is an open source interactive video and image annotation tool for computer vision. Versions 2.2.0 through 2.39.0 have no validation during the import process of a project or task backup to check that the filename specified in the query parameter refers to a TUS-uploaded file belonging to the...
CVE-2025-49135
CVAT (open source CV annotation tool) versions 2.2.0–2.39.0 have a missing validation during the import of project/task backups, where the filename in the query parameter is not verified to refer to a TUS-uploaded file owned by the same user. An account with a user role who knows other users’ fil...
CVE-2025-49135 CVAT missing validation for in-progress backup upload names
CVAT is an open source interactive video and image annotation tool for computer vision. Versions 2.2.0 through 2.39.0 have no validation during the import process of a project or task backup to check that the filename specified in the query parameter refers to a TUS-uploaded file belonging to the...
CVE-2025-48381 CVAT has information disclosure via browsable API
Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. In versions starting from 2.4.0 to before 2.38.0, an authenticated CVAT user may be able to retrieve the IDs and names of all tasks, projects, labels, and the IDs of all jobs and quality...