11 matches found
EUVD-2025-23879
Malicious code in bioql PyPI...
Bottinelli Informatical Vedo Suite File Upload Vulnerability
Bottinelli Informatical Vedo Suite is an enterprise software suite for the textile and design industry from Bottinelli Informatica, Italy. A file upload vulnerability exists in Bottinelli Informatical Vedo Suite version 2024.17, which stems from a lack of effective validation of uploaded files by...
Bottinelli Informatical Vedo Suite Cross-Site Scripting Vulnerability
Bottinelli Informatical Vedo Suite is an enterprise software suite for the textile and design industry from Bottinelli Informatica, Italy. A cross-site scripting vulnerability exists in Bottinelli Informatical Vedo Suite version 2024.17, which originates from unsanitized input in /apivedo/, and can...
CVE-2025-51056
An unrestricted file upload vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to write to arbitrary filesystem paths by exploiting the insecure 'uploadPreviews' custom function in '/apivedo/colorwayspreview', ultimately resulting in remote code execution (RCE)...
CVE-2025-51054
Vedo Suite 2024.17 is vulnerable to Incorrect Access Control, which allows remote attackers to obtain a valid high-privilege JWT token without prior authentication by sending an empty HTTP POST request to the /autologin/ API endpoint...
CVE-2025-51057
The CVE-2025-51057 entry describes a local file inclusion (LFI) in Bottinelli/Vedo Suite 2024.17 via the /api_vedo/video/preview endpoint. The root cause is an unsanitized readfile() call that lets an authenticated attacker read arbitrary filesystem files. Impact is read access to sensitive files...
CVE-2025-51056
An unrestricted file upload vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to write to arbitrary filesystem paths by exploiting the insecure 'uploadPreviews' custom function in '/apivedo/colorwayspreview', ultimately resulting in remote code execution (RCE)...
CVE-2025-51052
A path traversal vulnerability in Vedo Suite 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'file_get_contents' function call in '/apivedo/template'...
Bottinelli Informatical Vedo Suite Security Vulnerability
Bottinelli Informatical Vedo Suite is an enterprise software suite for the textile and design industry from Bottinelli Informatica, Italy. A security vulnerability exists in Bottinelli Informatical Vedo Suite version 2024.17 that stems from an unsanitized file_get_contents function call that could le...
Bottinelli Informatical Vedo Suite Security Vulnerability
Bottinelli Informatical Vedo Suite is an enterprise software suite for the textile and design industry from Bottinelli Informatica, Italy. A file upload vulnerability exists in Bottinelli Informatical Vedo Suite version 2024.17, which stems from a lack of effective validation of uploaded files by...
Bottinelli Informatical Vedo Suite Security Vulnerability
Bottinelli Informatical Vedo Suite is an enterprise software suite for the textile and design industry from Bottinelli Informatica, Italy. A cross-site scripting vulnerability exists in Bottinelli Informatical Vedo Suite version 2024.17, which originates from unsanitized input in /apivedo/, and can...