Lucene search
K

5 matches found

NVD
NVD
added 2025/06/25 3:15 p.m.5 views

CVE-2025-49135

CVAT is an open source interactive video and image annotation tool for computer vision. Versions 2.2.0 through 2.39.0 have no validation during the import process of a project or task backup to check that the filename specified in the query parameter refers to a TUS-uploaded file belonging to the...

6.5CVSS0.00255EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/06/25 3:5 p.m.7 views

CVE-2025-49135 CVAT missing validation for in-progress backup upload names

CVAT is an open source interactive video and image annotation tool for computer vision. Versions 2.2.0 through 2.39.0 have no validation during the import process of a project or task backup to check that the filename specified in the query parameter refers to a TUS-uploaded file belonging to the...

5.3CVSS7.1AI score0.00255EPSS
Exploits0References2
CVE
CVE
added 2025/06/25 3:5 p.m.26 views

CVE-2025-49135

CVAT (open source CV annotation tool) versions 2.2.0–2.39.0 have a missing validation during the import of project/task backups, where the filename in the query parameter is not verified to refer to a TUS-uploaded file owned by the same user. An account with a user role who knows other users’ fil...

6.5CVSS7.1AI score0.00255EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/06/25 3:5 p.m.8 views

CVE-2025-49135 CVAT missing validation for in-progress backup upload names

CVAT is an open source interactive video and image annotation tool for computer vision. Versions 2.2.0 through 2.39.0 have no validation during the import process of a project or task backup to check that the filename specified in the query parameter refers to a TUS-uploaded file belonging to the...

5.3CVSS6.7AI score0.00255EPSS
Exploits0References4
OSV
OSV
added 2025/05/30 3:38 a.m.7 views

CVE-2025-48381 CVAT has information disclosure via browsable API

Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. In versions starting from 2.4.0 to before 2.38.0, an authenticated CVAT user may be able to retrieve the IDs and names of all tasks, projects, labels, and the IDs of all jobs and quality...

5.3CVSS6.3AI score0.00244EPSS
Exploits0References4
Rows per page
Query Builder