31 matches found

RedhatCVE
added 2026/01/22 10:07 p.m. · 3 views

CVE-2026-23526

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.0.0 through 2.54.0, users that have the staff status may freely change their permissions, including giving themselves superuser status and joining the admin group, which gives them full access to...

CVSS 8.8 · AI score 5.6 · EPSS 0.00063
Exploits: 0 · References: 1

CVE
added 2026/01/21 9:38 p.m. · 6 views

CVE-2026-23516

CVAT (open-source annotation tool) is affected in versions 2.2.0–2.54.0 by an XSS-like vulnerability that lets an attacker execute arbitrary JavaScript in a victim user’s CVAT UI session. The attack requires the attacker to create a malicious label or an SVG in a skeleton configuration and coerce...

CVSS 8.6 · AI score 5.9 · EPSS 0.00052
Exploits: 0 · References: 2 · Affected Software: 1

Vulnrichment
added 2026/01/21 9:38 p.m. · 3 views

CVE-2026-23516 CVAT vulnerable to XSS via skeleton SVG images

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.2.0 through 2.54.0, an attacker is able to execute arbitrary JavaScript in a victim user's CVAT UI session, provided that they are able to create a maliciously crafted label in a CVAT task or...

CVSS 8.6 · AI score 5.9 · EPSS 0.00052
Exploits: 0 · References: 2

EUVD
added 2026/01/21 9:38 p.m. · 3 views

EUVD-2026-3774

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.2.0 through 2.54.0, an attacker is able to execute arbitrary JavaScript in a victim user's CVAT UI session, provided that they are able to create a maliciously crafted label in a CVAT task or...

CVSS 8.6 · AI score 5.9 · EPSS 0.00052
Exploits: 0 · References: 2

RedhatCVE
added 2026/01/09 12:31 p.m. · 3 views

CVE-2023-40215

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Demonisblack demon image annotation allows SQL Injection. This issue affects demon image annotation: from n/a through 5.1...

CVSS 7.6 · AI score 7.8 · EPSS 0.00152
Exploits: 0 · References: 1

EUVD
added 2025/11/07 11:21 p.m. · 3 views

EUVD-2025-38341

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.4.0 through 2.48.1, a malicious CVAT user with at least the User global role may create files in the root of the mounted file share, or overwrite existing files. If no file share is mounted, the...

CVSS 5.3 · AI score 6.2 · EPSS 0.0011
Exploits: 0 · References: 2

EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2024-42257

Malicious code in bioql PyPI...

CVSS 6.2 · AI score 6.6 · EPSS 0.00737
Exploits: 0 · References: 2

EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2023-44812

Malicious code in bioql PyPI...

CVSS 7.2 · AI score 7.6 · EPSS 0.00152
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2025-23169

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.6 · EPSS 0.00154
Exploits: 0 · References: 2

RedhatCVE
added 2025/05/22 11:39 p.m. · 2 views

CVE-2022-4171

The demon image annotation plugin for WordPress is vulnerable to improper input validation in versions up to, and including 5.0. This is due to the plugin improperly validating the number of characters supplied during an annotation despite there being a setting to limit the number characters inpu...

CVSS 7.5 · AI score 6.8 · EPSS 0.00488
Exploits: 0 · References: 1

NVD
added 2023/11/04 12:15 a.m. · 9 views

CVE-2023-40215

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Demonisblack demon image annotation allows SQL Injection. This issue affects demon image annotation: from n/a through 5.1...

CVSS 7.6 · AI score 7.4 · EPSS 0.00152
Exploits: 0 · References: 1

OSV
added 2023/11/04 12:15 a.m. · 0 views

CVE-2023-40215

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Demonisblack demon image annotation allows SQL Injection. This issue affects demon image annotation: from n/a through 5.1...

CVSS 7.2 · AI score 7.3 · EPSS 0.00152
Exploits: 0 · References: 1

Prion
added 2023/11/04 12:15 a.m. · 112 views

Sql injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Demonisblack demon image annotation allows SQL Injection. This issue affects demon image annotation: from n/a through 5.1...

CVSS 5.8 · AI score 7.3 · EPSS 0.00152
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2023/11/04 12:00 a.m. · 1 view

WordPress Plugin demon image annotation SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in...

CVSS 7.2 · AI score 7.7 · EPSS 0.00152
Exploits: 0 · References: 2

Cvelist
added 2023/11/03 11:15 p.m. · 12 views

CVE-2023-40215 WordPress Demon image annotation Plugin <= 5.1 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Demonisblack demon image annotation allows SQL Injection. This issue affects demon image annotation: from n/a through 5.1...

CVSS 7.6 · AI score 7.6 · EPSS 0.00152
Exploits: 0 · References: 1

Vulnrichment
added 2023/11/03 11:15 p.m. · 14 views

CVE-2023-40215 WordPress Demon image annotation Plugin <= 5.1 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Demonisblack demon image annotation allows SQL Injection. This issue affects demon image annotation: from n/a through 5.1...

CVSS 7.6 · AI score 7.8 · EPSS 0.00152
Exploits: 0 · References: 1

CVE
added 2023/11/03 11:15 p.m. · 38 views

CVE-2023-40215

CVE-2023-40215 refers to a WordPress plugin vulnerability in the Demon image annotation plugin (demon-image-annotation). The issue is an SQL Injection caused by improper neutralization of special elements in SQL commands, affecting versions listed as n/a through 5.1. Public sources corroborate th...

CVSS 7.6 · AI score 7.8 · EPSS 0.00152
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2023/11/03 12:00 a.m. · 1 view

PT-2023-27332 · Unknown · Demon Image Annotation

Name of the Vulnerable Software and Affected Versions: demon image annotation versions n/a through 5.1 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...

CVSS 7.2 · AI score 9.9 · EPSS 0.00152
Exploits: 0 · References: 4

Patchstack
added 2023/08/10 12:00 a.m. · 8 views

WordPress Demon image annotation Plugin <= 5.3 is vulnerable to SQL Injection

Software Demon image annotation Type Plugin Vulnerable versions = 5.3 Fixed in 5.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-40215 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 48d8f2dd0426 Credits LEE SE HYOUNG hackintoanetwork Required...

CVSS 7.2 · AI score 6.9 · EPSS 0.00152
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2022/12/13 9:15 p.m. · 1 view

CVE-2022-4171

The demon image annotation plugin for WordPress is vulnerable to improper input validation in versions up to, and including 5.0. This is due to the plugin improperly validating the number of characters supplied during an annotation despite there being a setting to limit the number characters inpu...

CVSS 7.5 · AI score 5.8 · EPSS 0.00488
Exploits: 0 · References: 2