Vedo Suite Project

vedo_suite_project

7 CVEs • 1 product

Products (1)

Vedo Suite
vedo_suite

CVEs (7)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Vedo Suite Project
1Vedo Suite
Oct 9, 2025
Aug 6, 2025
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Bottinelli Informatical Vedo Suite 2024.17 is vulnerable to Server-side Request Forgery (SSRF) in the /api_vedo/video/preview endpoint, which allows remote authenticated attackers to trigger HTTP requests towards arbitrary remote paths via the "file" URL parameter.
1Vedo Suite Project
1Vedo Suite
Oct 9, 2025
Aug 6, 2025
N/A· v4
6.5 MEDIUM· v3
N/A· v2
A local file inclusion (LFI) vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'readfile()' function call in '/api_vedo/video/preview'.
1Vedo Suite Project
1Vedo Suite
Oct 9, 2025
Aug 6, 2025
N/A· v4
8.2 HIGH· v3
N/A· v2
An unrestricted file upload vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to write to arbitrary filesystem paths by exploiting the insecure 'uploadPreviews()' custom function in '/api_vedo/colorways_preview', ultimately resulting in remote code execution (RCE).
1Vedo Suite Project
1Vedo Suite
Oct 9, 2025
Aug 6, 2025
N/A· v4
8.6 HIGH· v3
N/A· v2
Insecure storage of credentials has been found in the /api_vedo/configuration/config.yml file in Vedo Suite version 2024.17. This file contains clear-text credentials, secret keys, and database information.
1Vedo Suite Project
1Vedo Suite
Oct 9, 2025
Aug 6, 2025
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Vedo Suite 2024.17 is vulnerable to Incorrect Access Control, which allows remote attackers to obtain a valid high-privilege JWT token without prior authentication by sending an empty HTTP POST request to the /autologin/ API endpoint.
1Vedo Suite Project
1Vedo Suite
Oct 9, 2025
Aug 6, 2025
N/A· v4
6.1 MEDIUM· v3
N/A· v2
A cross-site scripting (XSS) vulnerability in /api_vedo/ in Vedo Suite version 2024.17 allows remote attackers to inject arbitrary JavaScript or HTML code and potentially trigger code execution in the victim's browser.
1Vedo Suite Project
1Vedo Suite
Oct 9, 2025
Aug 6, 2025
N/A· v4
6.5 MEDIUM· v3
N/A· v2
A path traversal vulnerability in Vedo Suite 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'file_get_contents()' function call in '/api_vedo/template'.