Davide "davidzzo23" Reggiani

7 exploits Active since Aug 2025
CVE-2025-51052 WRITEUP MEDIUM WORKING POC
Vedo Suite <2024.17 - Path Traversal
A path traversal vulnerability in Vedo Suite 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'file_get_contents()' function call in '/api_vedo/template'.
CVSS 6.5
CVE-2025-51053 WRITEUP MEDIUM WORKING POC
Vedo Suite 2024.17 - Stored Cross-Site Scripting via /api_vedo/ Endpoint
A Cross-site scripting (XSS) vulnerability in /api_vedo/ in Vedo Suite version 2024.17 allows remote attackers to inject arbitrary Javascript or HTML code and potentially trigger code execution in victim's browser.
CVSS 6.1
CVE-2025-51054 WRITEUP MEDIUM WORKING POC
Vedo Suite 2024.17 - Info Disclosure
Vedo Suite 2024.17 is vulnerable to Incorrect Access Control, which allows remote attackers to obtain a valid high privilege JWT token without prior authentication via sending an empty HTTP POST request to the /autologin/ API endpoint.
CVSS 6.5
CVE-2025-51055 WRITEUP HIGH WORKING POC
Vedo Suite <2024.17 - Info Disclosure
Insecure Data Storage of credentials has been found in /api_vedo/configuration/config.yml file in Vedo Suite version 2024.17. This file contains clear-text credentials, secret keys, and database information.
CVSS 8.6
CVE-2025-51056 WRITEUP HIGH WORKING POC
Vedo Suite 2024.17 - Authenticated Unrestricted File Upload and Remote Code Execution via uploadPreviews()
An unrestricted file upload vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to write to arbitrary filesystem paths by exploiting the insecure 'uploadPreviews()' custom function in '/api_vedo/colorways_preview', ultimately resulting in remote code execution (RCE).
CVSS 8.2
CVE-2025-51057 WRITEUP MEDIUM WORKING POC
Vedo Suite 2024.17 - Authenticated Local File Inclusion via /api_vedo/video/preview
A local file inclusion (LFI) vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'readfile()' function call in '/api_vedo/video/preview'.
CVSS 6.5
CVE-2025-51058 WRITEUP MEDIUM WORKING POC
Bottinelli Informatical Vedo Suite 2024.17 - SSRF
Bottinelli Informatical Vedo Suite 2024.17 is vulnerable to Server-side Request Forgery (SSRF) in the /api_vedo/video/preview endpoint, which allows remote authenticated attackers to trigger HTTP requests towards arbitrary remote paths via the "file" URL parameter.
CVSS 6.5