Skip to main content
CVE-2025-11853 LOW POC Monitor

Improper access controls in Sismics Teedy up to version 1.11 allow authenticated remote attackers to manipulate the /api/file endpoint, leading to unauthorized information disclosure. The vulnerability has publicly available exploit code and affects all versions through 1.11, though the vendor has not responded to disclosure notifications. With an EPSS score of 0.05% and low CVSS impact severity despite network accessibility, real-world exploitation appears limited to scenarios where attackers already possess valid authentication credentials.

Information Disclosure Teedy
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11851 LOW POC Monitor

Cross-site scripting (XSS) in Apeman ID71 EN75.8.53.20 allows authenticated remote attackers to inject malicious scripts via the alias parameter in /set_alias.cgi, requiring user interaction for payload execution. Publicly available exploit code exists, but EPSS score of 0.03% and vendor non-responsiveness suggest limited real-world exploitation despite confirmed POC availability.

XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-11840 LOW POC Monitor

Out-of-bounds read in GNU Binutils 2.45 linker (ld) allows local authenticated attackers to read adjacent memory via manipulation of the vfinfo function in ldmisc.c, potentially disclosing sensitive information. Public exploit code is available, though the EPSS score of 0.03% indicates minimal real-world exploitation probability. The CVSS severity of 1.9 reflects limited impact (availability only) and requirement for local authenticated access.

Buffer Overflow
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-11839 LOW POC Monitor

GNU Binutils 2.45 allows local privilege-escalable information disclosure through an unchecked return value in the tg_tag_type function of prdbg.c, enabling authenticated local attackers to trigger unvalidated memory reads that leak sensitive data. CVSS score of 1.9 reflects minimal impact (availability only), though publicly available exploit code exists; EPSS 0.02% indicates negligible real-world exploitation probability despite POC availability.

Information Disclosure
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy