📦 Vedo Suite

Vedo Suite version 2024.17 stores sensitive credentials, secret keys, and database information in plain text within the /api_vedo/configuration/config.yml file. This allows attackers with file system ...

This CVE describes a local file inclusion vulnerability in Vedo Suite version 2024.17 that allows authenticated remote attackers to read arbitrary files on the filesystem. The vulnerability exists in ...

Bottinelli Informatical Vedo Suite 2024.17 has a Server-side Request Forgery (SSRF) vulnerability in its /api_vedo/video/preview endpoint. Remote authenticated attackers can exploit this to make the s...

A path traversal vulnerability in Vedo Suite 2024.17 allows authenticated attackers to read arbitrary files on the filesystem by exploiting an unsanitized 'file_get_contents()' function call. This aff...

This Cross-site scripting (XSS) vulnerability in Vedo Suite's /api_vedo/ endpoint allows attackers to inject malicious JavaScript or HTML code. When exploited, this can lead to session hijacking, data...

Vedo Suite 2024.17 has an authentication bypass vulnerability where unauthenticated attackers can obtain high-privilege JWT tokens by sending empty POST requests to the /autologin/ endpoint. This allo...