68 matches found
EUVD-2025-23889
Malicious code in bioql PyPI...
EUVD-2025-23886
Malicious code in bioql PyPI...
EUVD-2025-23879
Malicious code in bioql PyPI...
EUVD-2025-23888
Malicious code in bioql PyPI...
EUVD-2025-23881
Malicious code in bioql PyPI...
EUVD-2025-23887
Malicious code in bioql PyPI...
EUVD-2025-23878
Malicious code in bioql PyPI...
Bottinelli Informatical Vedo Suite File Inclusion Vulnerability
Bottinelli Informatical Vedo Suite is an enterprise software suite for the textile and design industry from Bottinelli Informatica, Italy. A file inclusion vulnerability exists in Bottinelli Informatical Vedo Suite, which stems from an unsanitized readfile function call that can be exploited by an...
Bottinelli Informatical Vedo Suite Information Disclosure Vulnerability
Bottinelli Informatical Vedo Suite is an enterprise software suite for the textile and design industry from Bottinelli Informatica, Italy. An information disclosure vulnerability exists in Bottinelli Informatical Vedo Suite, which stems from plaintext credentials stored in the...
Bottinelli Informatical Vedo Suite File Upload Vulnerability
Bottinelli Informatical Vedo Suite is an enterprise software suite for the textile and design industry from Bottinelli Informatica, Italy. A file upload vulnerability exists in Bottinelli Informatical Vedo Suite version 2024.17, which stems from a lack of effective validation of uploaded files by...
Bottinelli Informatical Vedo Suite Cross-Site Scripting Vulnerability
Bottinelli Informatical Vedo Suite is an enterprise software suite for the textile and design industry from Bottinelli Informatica, Italy. A cross-site scripting vulnerability exists in Bottinelli Informatical Vedo Suite version 2024.17, which originates from unsanitized input in /apivedo/, and can...
Bottinelli Informatical Vedo Suite Access Control Error Vulnerability
Bottinelli Informatical Vedo Suite is an enterprise software suite for the textile and design industry from Bottinelli Informatica, Italy. An access control error vulnerability exists in Bottinelli Informatical Vedo Suite, which can be exploited by an attacker to obtain an elevated privilege JWT...
Bottinelli Informatical Vedo Suite Server-Side Request Forgery Vulnerability
Bottinelli Informatical Vedo Suite is an enterprise software suite for the textile and design industry from Bottinelli Informatica, Italy. Bottinelli Informatical Vedo Suite suffers from a server-side request forgery vulnerability, which originates from the /apivedo/video/preview endpoint that do...
CVE-2025-51053
A cross-site scripting (XSS) vulnerability in /apivedo/ in Vedo Suite version 2024.17 allows remote attackers to inject arbitrary JavaScript or HTML code and potentially trigger code execution in a victim's browser...
CVE-2025-51057
A local file inclusion (LFI) vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'readfile' function call in '/apivedo/video/preview'...
CVE-2025-51056
An unrestricted file upload vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to write to arbitrary filesystem paths by exploiting the insecure 'uploadPreviews' custom function in '/apivedo/colorwayspreview', ultimately resulting in remote code execution (RCE)...
CVE-2025-51052
A path traversal vulnerability in Vedo Suite 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'file_get_contents' function call in '/apivedo/template'...
CVE-2025-51055
Insecure Data Storage of credentials has been found in /apivedo/configuration/config.yml file in Vedo Suite version 2024.17. This file contains clear-text credentials, secret keys, and database information...
CVE-2025-51058
Bottinelli Informatical Vedo Suite 2024.17 is vulnerable to Server-Side Request Forgery (SSRF) in the /apivedo/video/preview endpoint, which allows remote authenticated attackers to trigger HTTP requests towards arbitrary remote paths via the "file" URL parameter...
CVE-2025-51054
Vedo Suite 2024.17 is vulnerable to Incorrect Access Control, which allows remote attackers to obtain a valid high-privilege JWT token without prior authentication by sending an empty HTTP POST request to the /autologin/ API endpoint...