CVE-2025-11853

A vulnerability was determined in Sismics Teedy up to 1.11. This affects an unknown function of the file /api/file of the component API Endpoint. Executing a manipulation can lead to improper access controls. The attack may be performed from remote. The exploit has been publicly disclosed and may...

EUVD-2025-34824

A vulnerability was determined in Sismics Teedy up to 1.11. This affects an unknown function of the file /api/file of the component API Endpoint. Executing manipulation can lead to improper access controls. The attack may be performed from remote. The exploit has been publicly disclosed and may b...

CVE-2025-11853

A vulnerability was determined in Sismics Teedy up to 1.11. This affects an unknown function of the file /api/file of the component API Endpoint. Executing a manipulation can lead to improper access controls. The attack may be performed from remote. The exploit has been publicly disclosed and may...

CVE-2025-11853

A vulnerability was determined in Sismics Teedy up to 1.11. This affects an unknown function of the file /api/file of the component API Endpoint. Executing a manipulation can lead to improper access controls. The attack may be performed from remote. The exploit has been publicly disclosed and may...

CVE-2025-11853

A vulnerability was determined in Sismics Teedy up to 1.11. This affects an unknown function of the file /api/file of the component API Endpoint. Executing a manipulation can lead to improper access controls. The attack may be performed from remote. The exploit has been publicly disclosed and may...

CVE-2025-11853

The CVE concerns Teedy (Sismics Teedy) up to 1.11, affecting the API’s /api/file endpoint. The root cause is improper access controls in the API Endpoint file, enabling a remote attacker to manipulate access. Public exploit discussion is noted, and the vulnerability is exploitable without user in...

CVE-2025-11853 Sismics Teedy API Endpoint file access control

A vulnerability was determined in Sismics Teedy up to 1.11. This affects an unknown function of the file /api/file of the component API Endpoint. Executing a manipulation can lead to improper access controls. The attack may be performed from remote. The exploit has been publicly disclosed and may...

CVE-2025-11853 Sismics Teedy API Endpoint file access control

A vulnerability was determined in Sismics Teedy up to 1.11. This affects an unknown function of the file /api/file of the component API Endpoint. Executing a manipulation can lead to improper access controls. The attack may be performed from remote. The exploit has been publicly disclosed and may...

Teedy 访问控制错误漏洞

Teedy is an open source, lightweight document management system for individuals and businesses open-sourced by Teedy France. An access control error vulnerability exists in Teedy 1.11 and earlier versions, which stems from improper access control of the API endpoint component in file/api/file, an...

EUVD-2024-52684

Malicious code in bioql PyPI...

EUVD-2022-27264

Malicious code in bioql PyPI...

EUVD-2025-3057

Malicious code in bioql PyPI...

EUVD-2024-52685

Malicious code in bioql PyPI...

EUVD-2023-54731

Malicious code in bioql PyPI...

EUVD-2022-27263

Malicious code in bioql PyPI...

CVE-2024-46278

Teedy 1.11 is vulnerable to Cross Site Scripting XSS via the management console...

CVE-2024-54852

When LDAP connection is activated in Teedy versions between 1.9 to 1.12, the username field of the login form is vulnerable to LDAP injection. Due to improper sanitization of user input, an unauthenticated attacker is then able to perform various malicious actions, such as creating arbitrary...

CVE-2024-54851

Teedy = 1.12 is vulnerable to Cross Site Request Forgery CSRF, due to the lack of CSRF protection...

📄 Teedy 1.11 Cross Site Scripting

Teedy version 1.11 suffers from a persistent cross site scripting vulnerability. Exploit Title: Teedy 1.11 - Account Takeover via Stored Cross-Site Scripting XSS Exploit Author: Ayato Shitomi @ Fore-Z co.ltd Demo Video: https://www.youtube.com/watch?v=udQgVogsmhA Vendor Homepage: https://teedy.io...

Teedy 1.11 - Account Takeover via Stored Cross-Site Scripting (XSS)

Exploit Title: Teedy 1.11 - Account Takeover via Stored Cross-Site Scripting XSS Exploit Author: Ayato Shitomi @ Fore-Z co.ltd Demo Video: https://www.youtube.com/watch?v=udQgVogsmhA Vendor Homepage: https://teedy.io/ Software Link: https://github.com/Tomblib0/Teedy Version: 1.11 Tested on: Linux...