CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Exploit Title: Teedy 1.11 - Account Takeover via Stored Cross-Site Scripting XSS Exploit Author: Ayato Shitomi @ Fore-Z co.ltd Demo Video: https://www.youtube.com/watch?v=udQgVogsmhA Vendor Homepage: https://teedy.io/ Software Link: https://github.com/Tomblib0/Teedy Version: 1.11 Tested on: Linux...

8.4CVSS7.4AI score0.00901EPSS

Exploits3

RedhatCVE•added 2025/02/06 2:29 a.m.•8 views

CVE-2025-22963

Teedy through 1.11 allows CSRF for account takeover via POST /api/user/admin...

7.5CVSS7AI score0.00166EPSS

Exploits0References1

NVD•added 2025/01/29 10:15 p.m.•13 views

CVE-2024-54851

Teedy = 1.12 is vulnerable to Cross Site Request Forgery CSRF, due to the lack of CSRF protection...

8.8CVSS0.00038EPSS

Exploits1References1

Positive Technologies•added 2025/01/29 12:0 a.m.•2 views

PT-2025-3080 · Teedy · Teedy

Name of the Vulnerable Software and Affected Versions: Teedy versions 1.12 and earlier Description: The issue is related to Cross Site Request Forgery CSRF, which occurs due to the lack of CSRF protection. Recommendations: For Teedy versions 1.12 and earlier, as a temporary workaround, consider...

8.8CVSS7AI score0.00038EPSS

Exploits1References5

Cvelist•added 2025/01/29 12:0 a.m.•17 views

CVE-2024-54851

Teedy = 1.12 is vulnerable to Cross Site Request Forgery CSRF, due to the lack of CSRF protection...

0.00038EPSS

Exploits1References1

CVE•added 2025/01/29 12:0 a.m.•44 views

CVE-2024-54851

CVE-2024-54851 affects Teedy up to version 1.12, where CSRF protection is lacking, enabling CSRF attacks as described in multiple sources (CVSSv3.1: 8.8, HIGH). The vulnerability concerns the web UI flow and request handling, with no explicit exploitation details in the provided documents. Red Ha...

8.8CVSS8.8AI score0.00038EPSS

Exploits1References1Affected Software1

CVE•added 2025/01/29 12:0 a.m.•47 views

CVE-2024-54852

Teedy CVE-2024-54852 affects Teedy versions 1.9–1.12. The LDAP injection arises from improper sanitization of the username field in the LDAP login flow, enabling an unauthenticated attacker to perform actions such as creating arbitrary accounts and spraying passwords. Remediation: update LDAP han...

9.8CVSS7.1AI score0.00129EPSS

Exploits1References1Affected Software1

NVD•added 2025/01/13 4:15 p.m.•16 views

CVE-2025-22963

Teedy through 1.11 allows CSRF for account takeover via POST /api/user/admin...

7.5CVSS0.00166EPSS

Exploits0References4