Security Vulnerabilities
An unrestricted file upload vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to write to arbitrary filesystem paths by exploiting the insecure 'uploadPreviews()' custom function in '/api_vedo/colorways_preview', ultimately resulting in remote code execution (RCE).
CVSS Score: 8.2 | EPSS Score: 0.001 | Published: 2025-08-06
A local file inclusion (LFI) vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'readfile()' function call in '/api_vedo/video/preview'.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2025-08-06
Bottinelli Informatical Vedo Suite 2024.17 is vulnerable to server-side request forgery (SSRF) in the /api_vedo/video/preview endpoint: remote authenticated attackers can make the server issue HTTP requests to arbitrary remote URLs via the 'file' query parameter.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2025-08-06
An issue was discovered in 4C Strategies Exonaut 21.6: passwords stored in the database are hashed without a salt.
CVSS Score: 5.3 | EPSS Score: 0.0 | Published: 2025-08-06
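The unsalted-hash entry above names a storage weakness without spelling out what it costs. The following Python is an added example, not Exonaut's code and not from this listing: it stores a constructed set of accounts (hypothetical users and passwords) both as a bare SHA-256 hash and as a salted, iterated PBKDF2-HMAC-SHA256 record, then shows what an attacker who obtains the table learns from each. The 600,000 default iteration count is OWASP's published PBKDF2-HMAC-SHA256 recommendation; the record format and claim that previews are images are choices made here.

```python
import hashlib
import hmac
import os

# Constructed sample accounts (hypothetical; not Exonaut data). Two of them
# share a password, which is the realistic case that exposes an unsalted table.
SAMPLE_ACCOUNTS = {
    "alice": "Winter2024!",
    "bob": "Winter2024!",
    "carol": "correct horse battery staple",
}

# OWASP's published PBKDF2-HMAC-SHA256 recommendation; lower it only in tests.
PBKDF2_ITERATIONS = 600_000


def unsalted_hash(password: str) -> str:
    """The pattern the advisory describes: a bare hash of the password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def make_record(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salted, iterated hash in a self-describing 'algo$iters$salt$digest' form."""
    salt = os.urandom(16)  # fresh per record, so equal passwords never collide
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), digest.hex())


def verify_record(record: str, password: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    try:
        algo, iters, salt_hex, digest_hex = record.split("$")
        if algo != "pbkdf2_sha256":
            return False
        expected = bytes.fromhex(digest_hex)
        actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                     bytes.fromhex(salt_hex), int(iters))
    except ValueError:  # malformed record, bad hex, bad int
        return False
    return hmac.compare_digest(actual, expected)


def identical_hash_groups(stored: dict[str, str]) -> list[set[str]]:
    """Users whose stored values are byte-identical.

    With unsalted hashes this tells an attacker who shares a password, and one
    cracked hash (or one rainbow-table hit) unlocks the whole group. With
    per-user salts it returns nothing even when the passwords are equal.
    """
    by_hash: dict[str, set[str]] = {}
    for user, value in stored.items():
        by_hash.setdefault(value, set()).add(user)
    return [users for users in by_hash.values() if len(users) > 1]


def compare_schemes(accounts: dict[str, str], iterations: int = PBKDF2_ITERATIONS) -> dict:
    """Store the same accounts both ways and report what the table leaks."""
    unsalted = {u: unsalted_hash(p) for u, p in accounts.items()}
    salted = {u: make_record(p, iterations) for u, p in accounts.items()}
    return {
        "unsalted_groups": identical_hash_groups(unsalted),
        "salted_groups": identical_hash_groups(salted),
        "salted_verifies": all(verify_record(salted[u], p) for u, p in accounts.items()),
        "salted_rejects_wrong": not verify_record(salted["alice"], "not-her-password"),
    }


if __name__ == "__main__":
    report = compare_schemes(SAMPLE_ACCOUNTS, iterations=50_000)
    print("unsalted: users sharing a hash ->", report["unsalted_groups"])
    print("salted:   users sharing a hash ->", report["salted_groups"])
```

The iteration count and salt travel inside the record, so a later increase in cost does not invalidate old rows: verify with the stored parameters, then re-hash on successful login.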
A path traversal vulnerability in Vedo Suite 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'file_get_contents()' function call in '/api_vedo/template'.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2025-08-06
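Four of the Vedo Suite entries on this page (the 'uploadPreviews()' arbitrary write, the 'readfile()' read, the 'file' parameter SSRF and the 'file_get_contents()' traversal) are the same root cause seen from different sinks: a client-supplied file reference reaches a filesystem or HTTP call without being confined. The code below is an added example written for this listing, not Vedo Suite's code (which the advisories indicate is PHP); it shows the confinement check in Python so it can be run as-is. The base directories, probe values and the image-only extension list are assumptions; nothing here is taken from the product.

```python
import os
from urllib.parse import urlsplit


class UnsafePath(ValueError):
    """Raised when a user-supplied file reference must not be served or written."""


def resolve_local_media(base_dir: str, user_value: str) -> str:
    """Map an untrusted 'file' parameter onto a path confined to base_dir.

    Rejects the three failure modes on this page: a URL (SSRF), an absolute
    path, and '..' traversal. The decision is made on the canonical,
    symlink-resolved path, not on the raw string, so re-normalised spellings
    of the same target are caught as well.
    """
    if "\x00" in user_value:
        raise UnsafePath("NUL byte in file reference")

    # urlsplit treats anything before the first ':' as a scheme, so a colon
    # in a filename is rejected too; acceptable for media file names.
    parts = urlsplit(user_value)
    if parts.scheme or parts.netloc or user_value.startswith("//"):
        raise UnsafePath("remote reference rejected: %r" % user_value)

    if os.path.isabs(user_value):
        raise UnsafePath("absolute path rejected: %r" % user_value)

    root = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(root, user_value))
    # commonpath is the containment test; a plain startswith() would accept
    # '/srv/vedo/media-private' as being inside '/srv/vedo/media'.
    if os.path.commonpath([root, candidate]) != root:
        raise UnsafePath("path escapes %s: %r" % (root, user_value))
    return candidate


# Assumption for the upload case: previews are images. The types Vedo Suite
# actually accepts are not on the page.
ALLOWED_UPLOAD_EXT = {".png", ".jpg", ".jpeg", ".webp"}


def safe_upload_target(upload_dir: str, client_filename: str) -> str:
    """Derive a server-controlled destination for an uploaded preview.

    Only the basename of the client's name is used (backslashes count as
    separators too), characters outside [A-Za-z0-9_-] are dropped, the
    extension must be allow-listed, and the result goes through the same
    confinement check that reads do.
    """
    name = os.path.basename(client_filename.replace("\\", "/"))
    stem, ext = os.path.splitext(name)
    if ext.lower() not in ALLOWED_UPLOAD_EXT:
        raise UnsafePath("upload extension not allowed: %r" % ext)
    safe_stem = "".join(c for c in stem if c.isalnum() or c in "-_") or "upload"
    return resolve_local_media(upload_dir, safe_stem + ext.lower())


def classify(base_dir: str, values: list[str]) -> dict[str, str]:
    """Run a batch of 'file' values through the check and report each verdict."""
    outcome = {}
    for value in values:
        try:
            resolve_local_media(base_dir, value)
            outcome[value] = "allowed"
        except UnsafePath:
            outcome[value] = "rejected"
    return outcome


if __name__ == "__main__":
    # Constructed probe values, not taken from any Vedo Suite request.
    probes = [
        "videos/intro.mp4",
        "../../../../etc/passwd",
        "/etc/passwd",
        "http://127.0.0.1:8080/admin",
        "file:///etc/passwd",
        "//attacker.example/steal",
    ]
    for value, verdict in classify("/srv/vedo/media", probes).items():
        print("%-32s %s" % (value, verdict))
```

For an endpoint that genuinely must fetch remote URLs, the scheme check alone is not enough: resolve the host and refuse loopback, link-local and private ranges before connecting, and do so on the resolved address rather than the hostname.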
A cross-site scripting (XSS) vulnerability in /api_vedo/ in Vedo Suite version 2024.17 allows remote attackers to inject arbitrary JavaScript or HTML and execute script in the victim's browser.
CVSS Score: 6.1 | EPSS Score: 0.001 | Published: 2025-08-06
Vedo Suite 2024.17 is vulnerable to incorrect access control: remote attackers can obtain a valid high-privilege JWT without prior authentication by sending an empty HTTP POST request to the /autologin/ API endpoint.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2025-08-06
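Confirming the /autologin/ issue means looking at what the unauthenticated POST returns and reading the claims in the token, not just noting that a token came back. The listing gives no detail of the response format or claim names, so the Python below is an added example, not Vedo Suite code: it builds a constructed stand-in for such a response (token assembled locally with a fake signature), finds any JWT-shaped strings in it, decodes header and payload without verifying the signature, and summarises the privilege-bearing claims. The claim names in PRIVILEGE_CLAIMS and the sample body are assumptions.

```python
import base64
import json
import re
import time

# Anything shaped like header.payload.signature in base64url.
_JWT_RE = re.compile(r"[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]+")

# Claim names that commonly carry privilege; an assumption, not from the page.
PRIVILEGE_CLAIMS = ("role", "roles", "admin", "is_admin", "scope", "scopes",
                    "permissions", "groups")


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def decode_unverified(token: str) -> dict:
    """Split a JWT and decode header and payload WITHOUT checking the signature.

    This is for triage of what a server handed out, never for an authorisation
    decision: an unverified payload is attacker-controllable.
    """
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(_b64url_decode(header_b64))
    payload = json.loads(_b64url_decode(payload_b64))
    return {"header": header, "payload": payload,
            "signature_bytes": len(_b64url_decode(sig_b64))}


def tokens_in_response(body: str) -> list[dict]:
    """Find every JWT-shaped string in a response body and decode those that parse."""
    found = []
    for match in _JWT_RE.finditer(body):
        try:
            found.append(decode_unverified(match.group(0)))
        except ValueError:  # base64url-looking text that is not JSON (covers JSONDecodeError)
            continue
    return found


def privilege_summary(payload: dict) -> dict:
    """The claims an analyst checks first: who, how privileged, how long valid."""
    now = int(time.time())
    exp = payload.get("exp")
    return {
        "subject": payload.get("sub"),
        "privilege": {k: payload[k] for k in PRIVILEGE_CLAIMS if k in payload},
        "expires_in_s": (exp - now) if isinstance(exp, int) else None,
    }


def sample_autologin_body() -> str:
    """Constructed stand-in for a response to an empty POST; the real format is not on the page.

    The token is assembled here with an all-zero fake signature so the example runs offline.
    """
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(
        {"sub": "1", "role": "administrator", "iat": 1_754_438_400, "exp": 2_000_000_000}).encode())
    fake_sig = _b64url_encode(b"\x00" * 32)
    return json.dumps({"status": "ok", "token": "%s.%s.%s" % (header, payload, fake_sig)})


if __name__ == "__main__":
    for tok in tokens_in_response(sample_autologin_body()):
        print(json.dumps(privilege_summary(tok["payload"]), indent=2))
```

A long-lived token with an administrative role claim returned to a request that carried no credentials is the finding; whether the signature would verify on the server is a separate question, and the example deliberately does not answer it.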
4C Strategies Exonaut before v21.6.2.1-1 was discovered to contain a Server-Side Request Forgery (SSRF).
CVSS Score: 6.5 | EPSS Score: 0.0 | Published: 2025-08-06
4C Strategies Exonaut before v22.4 was discovered to contain an access control issue.
CVSS Score: 5.3 | EPSS Score: 0.0 | Published: 2025-08-06
4C Strategies Exonaut before v22.4 was discovered to contain insecure permissions.
CVSS Score: 6.5 | EPSS Score: 0.0 | Published: 2025-08-06
Shodan ® - All rights reserved