Lucene search
K

179 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-0136

Malicious code in bioql PyPI...

6.5CVSS6.4AI score0.05088EPSS
Exploits3References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.13 views

EUVD-2025-16264

Malicious code in bioql PyPI...

7.8CVSS5.5AI score0.00188EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/28 7:17 a.m.13 views

CVE-2025-5173

A vulnerability has been found in HumanSignal label-studio-ml-backend up to 9fb7f4aa186612806af2becfb621f6ed8d9fdbaf and classified as problematic. Affected by this vulnerability is the function load of the file label-studio-ml-backend/labelstudioml/examples/yolo/utils/neuralnets.py of the...

7.8CVSS7AI score0.00188EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2025/05/26 9:30 a.m.27 views

fast-label-studio (>=0.1.0 <=0.4.0), label-studio-paddleocr (>=0.1.0 <=0.2.0) +1 more potentially affected by CVE-2025-5173 via label-studio-ml (=1.0.9)

label-studio-ml PYPI version =1.0.9 is affected by a known vulnerability. The following packages have a transitive dependency on label-studio-ml and may be impacted: - fast-label-studio =0.1.0, =0.1.0, =0.2.0 - phenocv =0.1.0 Source cves: CVE-2025-5173 Source advisory: OSV:GHSA-55G9-6C2X-GF8Q...

7.8CVSS6AI score0.00188EPSS
Exploits0
OSV
OSV
added 2025/05/26 9:30 a.m.4 views

GHSA-55G9-6C2X-GF8Q HumanSignal label-studio-ml-backend Deserialization of Untrusted Data vulnerability

A vulnerability has been found in HumanSignal label-studio-ml-backend up to 9fb7f4aa186612806af2becfb621f6ed8d9fdbaf and classified as problematic. Affected by this vulnerability is the function load of the file label-studio-ml-backend/labelstudioml/examples/yolo/utils/neuralnets.py of the...

5.3CVSS4.9AI score0.00188EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/05/26 9:30 a.m.12 views

HumanSignal label-studio-ml-backend Deserialization of Untrusted Data vulnerability

A vulnerability has been found in HumanSignal label-studio-ml-backend up to 9fb7f4aa186612806af2becfb621f6ed8d9fdbaf and classified as problematic. Affected by this vulnerability is the function load of the file label-studio-ml-backend/labelstudioml/examples/yolo/utils/neuralnets.py of the...

7.8CVSS6.8AI score0.00188EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2025/05/26 7:15 a.m.4 views

CVE-2025-5173

A vulnerability has been found in HumanSignal label-studio-ml-backend up to 9fb7f4aa186612806af2becfb621f6ed8d9fdbaf and classified as problematic. Affected by this vulnerability is the function load of the file label-studio-ml-backend/labelstudioml/examples/yolo/utils/neuralnets.py of the...

7.8CVSS4.7AI score0.00188EPSS
Exploits0References4
NVD
NVD
added 2025/05/26 7:15 a.m.39 views

CVE-2025-5173

A vulnerability has been found in HumanSignal label-studio-ml-backend up to 9fb7f4aa186612806af2becfb621f6ed8d9fdbaf and classified as problematic. Affected by this vulnerability is the function load of the file label-studio-ml-backend/labelstudioml/examples/yolo/utils/neuralnets.py of the...

7.8CVSS0.00188EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/05/26 6:31 a.m.8 views

CVE-2025-5173 HumanSignal label-studio-ml-backend PT File neural_nets.py load deserialization

A vulnerability has been found in HumanSignal label-studio-ml-backend up to 9fb7f4aa186612806af2becfb621f6ed8d9fdbaf and classified as problematic. Affected by this vulnerability is the function load of the file label-studio-ml-backend/labelstudioml/examples/yolo/utils/neuralnets.py of the...

5.3CVSS5.4AI score0.00188EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/05/26 6:31 a.m.28 views

CVE-2025-5173 HumanSignal label-studio-ml-backend PT File neural_nets.py load deserialization

A vulnerability has been found in HumanSignal label-studio-ml-backend up to 9fb7f4aa186612806af2becfb621f6ed8d9fdbaf and classified as problematic. Affected by this vulnerability is the function load of the file label-studio-ml-backend/labelstudioml/examples/yolo/utils/neuralnets.py of the...

5.3CVSS0.00188EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/05/26 12:0 a.m.5 views

label-studio-ml-backend 代码问题漏洞

label-studio-ml-backend is a Label Studio machine learning backend configuration and sample from HumanSignal open source. A code issue vulnerability exists in label-studio-ml-backend 9fb7f4aa186612806af2becfb621f6ed8d9fdbaf and prior versions, which stems from a parameter path manipulation leadin...

7.8CVSS5.4AI score0.00188EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/05/26 12:0 a.m.13 views

PT-2025-22915

Name of the Vulnerable Software and Affected Versions HumanSignal label-studio-ml-backend versions up to 9fb7f4aa186612806af2becfb621f6ed8d9fdbaf Description A vulnerability has been found in the function load of the file label-studio-ml-backend/label studio ml/examples/yolo/utils/neural nets.py ...

7.8CVSS5.5AI score0.00188EPSS
Exploits0References14
RedhatCVE
RedhatCVE
added 2025/05/23 9:31 a.m.4 views

CVE-2024-26152

Summary On all Label Studio versions prior to 1.11.0, data imported via file upload feature is not properly sanitized prior to being rendered within a Choices or Labels tag, resulting in an XSS vulnerability. Details Need permission to use the "data import" function. This was reproduced on Label...

6.1CVSS6.2AI score0.02199EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:41 a.m.4 views

CVE-2024-23633

Label Studio, an open source data labeling tool had a remote import feature allowed users to import data from a remote web source, that was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could had been abused to download a HTML file that executed malicious...

6.1CVSS7.1AI score0.00592EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:5 a.m.14 views

CVE-2023-47117

Label Studio is an open source data labeling tool. In all current versions of Label Studio prior to 1.9.2post0, the application allows users to insecurely set filters for filtering tasks. An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on t...

7.5CVSS6.6AI score0.04055EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2025/05/23 2:0 a.m.14 views

CVE-2023-47115

Label Studio is an a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting XSS vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website. Executing arbitrary...

7.1CVSS5.4AI score0.01448EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:58 a.m.4 views

CVE-2023-47116

Label Studio is a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.11.0 and was tested on version 1.8.2. Label Studio's SSRF protections that can be enabled by setting the SSRFPROTECTIONENABLED environment variable can be bypassed to access...

5.3CVSS6.6AI score0.00737EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:54 a.m.9 views

CVE-2023-43791

Label Studio is a multi-type data labeling and annotation tool with standardized output format. There is a vulnerability that can be chained within the ORM Leak vulnerability to impersonate any account on Label Studio. An attacker could exploit these vulnerabilities to escalate their privileges...

9.8CVSS7.2AI score0.01241EPSS
Exploits3References1
Tenable Nessus
Tenable Nessus
added 2025/05/22 12:0 a.m.7 views

Label Studio < 1.18.0 Reflected Cross-Site Scripting

Label Studio versions prior to 1.18.0 are vulnerable to a Reflected Cross-Site Scripting on '/projects/upload-example/' endpoint. This detection is included in the AI and LLM category. No source data...

7.6CVSS6.6AI score0.0054EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/16 11:13 p.m.18 views

CVE-2025-47783

Label Studio is a multi-type data labeling and annotation tool. A vulnerability in versions prior to 1.18.0 allows an attacker to inject a malicious script into the context of a web page, which can lead to data theft, session hijacking, unauthorized actions on behalf of the user, and other attack...

7.6CVSS6.7AI score0.0054EPSS
Exploits1References1
Rows per page
Query Builder