CVE-2025-54573
- EPSS 0.08%
- Published 30.07.2025 14:32:03
- Last modified 11.09.2025 15:52:45
CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.1.0 through 2.41.0, email verification was not enforced when using Basic HTTP Authentication. As a result, users could create accounts using fake em...
CVE-2025-49135
- EPSS 0.04%
- Published 25.06.2025 15:15:24
- Last modified 15.09.2025 15:12:27
CVAT is an open source interactive video and image annotation tool for computer vision. Versions 2.2.0 through 2.39.0 have no validation during the import process of a project or task backup to check that the filename specified in the query parameter...
CVE-2025-23045
- EPSS 0.53%
- Published 28.01.2025 16:15:40
- Last modified 16.09.2025 17:32:18
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with an account on an affected CVAT instance is able to run arbitrary code in the context of the Nuclio function container. This...
CVE-2024-47063
- EPSS 0.17%
- Published 30.09.2024 15:15:06
- Last modified 30.10.2024 18:24:21
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. If a malicious CVAT user with permissions to either create a task, or edit an existing task can trick another logged-in user into visiting a...
CVE-2024-47064
- EPSS 0.2%
- Published 30.09.2024 15:15:06
- Last modified 30.10.2024 18:23:17
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. If an attacker can trick a logged-in CVAT user into visiting a maliciously-constructed URL, they can initiate any API calls on that user's b...
CVE-2024-47172
- EPSS 0.09%
- Published 30.09.2024 15:15:06
- Last modified 30.10.2024 18:20:58
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account may retrieve certain information about any project, task, job or membership resource on the CVAT instance. T...
CVE-2024-45393
- EPSS 0.09%
- Published 10.09.2024 15:15:18
- Last modified 21.01.2025 14:33:37
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account can access webhook delivery information for any webhook registered on the CVAT instance, including that of o...
CVE-2024-37306
- EPSS 0.2%
- Published 13.06.2024 15:15:53
- Last modified 21.01.2025 14:37:34
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Starting in version 2.2.0 and prior to version 2.14.3, if an attacker can trick a logged-in CVAT user into visiting a malicious URL, they ca...
CVE-2024-37164
- EPSS 0.21%
- Published 13.06.2024 15:15:52
- Last modified 21.01.2025 14:35:52
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. CVAT allows users to supply custom endpoint URLs for cloud storages based on Amazon S3 and Azure Blob Storage. Starting in version 2.1.0 and...
- EPSS 94.34%
- Published 14.12.2021 19:15:07
- Last modified 12.03.2025 19:52:00
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a n...