15 matches found
CVE-2026-15628
A security flaw has been discovered in zhayujie chatgpt-on-wechat CowAgent up to 2.1.1. This issue affects the function Vision.downloadtodataurl of the file agent/tools/vision/vision.py of the component Vision Tool. Performing a manipulation of the argument image results in server-side request...
CVE-2026-15628
The CVE-2026-15628 affects zhayujie chatgpt-on-wechat CowAgent ≤ 2.1.1, specifically the Vision Tool’s Vision._download_to_data_url function. A manipulation of the image argument enables server-side request forgery, allowing remote initiation of attacks. Exploitation is supported by public disclo...
EUVD-2026-43617
A security flaw has been discovered in zhayujie chatgpt-on-wechat CowAgent up to 2.1.1. This issue affects the function Vision.downloadtodataurl of the file agent/tools/vision/vision.py of the component Vision Tool. Performing a manipulation of the argument image results in server-side request...
CVE-2026-15330
A vulnerability was determined in zhayujie CowAgent up to 2.1.1. Impacted is the function buildimagecontent/downloadtodataurl of the file agent/tools/vision/vision.py of the component Vision Tool. Executing a manipulation of the argument image can lead to server-side request forgery. The attack c...
CVE-2026-15330 zhayujie CowAgent Vision Tool vision.py _download_to_data_url server-side request forgery
A vulnerability was determined in zhayujie CowAgent up to 2.1.1. Impacted is the function buildimagecontent/downloadtodataurl of the file agent/tools/vision/vision.py of the component Vision Tool. Executing a manipulation of the argument image can lead to server-side request forgery. The attack c...
EUVD-2026-42788
A vulnerability was determined in zhayujie CowAgent up to 2.1.1. Impacted is the function buildimagecontent/downloadtodataurl of the file agent/tools/vision/vision.py of the component Vision Tool. Executing a manipulation of the argument image can lead to server-side request forgery. The attack c...
CVE-2026-15330
A vulnerability was determined in zhayujie CowAgent up to 2.1.1. Impacted is the function buildimagecontent/downloadtodataurl of the file agent/tools/vision/vision.py of the component Vision Tool. Executing a manipulation of the argument image can lead to server-side request forgery. The attack c...
CVE-2026-15330
CVE-2026-15330 affects zhayujie CowAgent — Vision Tool, specifically the file vision.py, function _build_image_content/_download_to_data_url. The vulnerability arises from manipulating the input image argument, enabling remote SSRF via the Vision Tool component. Attacker could trigger remotely; e...
CVAT.ai CVAT 安全漏洞
CVAT.ai CVAT is an open source data processing tool from CVAT.ai. A security vulnerability exists in CVAT.ai CVAT versions 2.8.1 through 2.52.0 that originates from an attacker being able to retrieve the contents of any file system directory accessible by the CVAT server, potentially leading to a...
EUVD-2024-42258
Malicious code in bioql PyPI...
EUVD-2024-42257
Malicious code in bioql PyPI...
EUVD-2024-41455
Malicious code in bioql PyPI...
Computer Vision Annotation Tool 代码问题漏洞
Computer Vision Annotation Tool CVAT is a cvat.ai open source interactive video and image annotation tool for computer vision. A code issue vulnerability exists in Computer Vision Annotation Tool that originates when running certain types of serverless functions, which could allow an attacker to...
PT-2025-4790 · Nuclio +1 · Nuclio +1
Name of the Vulnerable Software and Affected Versions: Computer Vision Annotation Tool CVAT versions prior to 2.26.0 Description: The issue allows an attacker with an account on an affected CVAT instance to run arbitrary code in the context of the Nuclio function container. This affects CVAT...
CVAT Security Vulnerabilities
CVAT is an interactive video and image annotation tool for computer vision. A security vulnerability exists in CVAT version 2.2.0 through versions prior to 2.14.3. An attacker exploiting this vulnerability could obtain media files, annotations, settings, and other information from any project,...