sismics CVE Vulnerabilities & Metrics

Focus on sismics vulnerabilities and metrics.

Last updated: 07 Jun 2025, 22:25 UTC

About sismics Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with sismics. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

Global CVE Overview

Total sismics CVEs: 6
Earliest CVE date: 10 Jan 2022, 16:15 UTC
Latest CVE date: 29 Jan 2025, 22:15 UTC

Latest CVE reference: CVE-2024-54852

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 3

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 200.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 200.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical sismics CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 1.3

Max CVSS: 4.3

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range Count
0.0-3.9 5
4.0-6.9 1
7.0-8.9 0
9.0-10.0 0

CVSS Distribution Chart

Top 5 Highest CVSS sismics CVEs

These are the five CVEs with the highest CVSS scores for sismics, sorted by severity first, then by recency.

All CVEs for sismics

CVE-2024-54852 sismics vulnerability CVSS: 0 29 Jan 2025, 22:15 UTC

When the LDAP connection is activated in Teedy versions between 1.9 and 1.12, the username field of the login form is vulnerable to LDAP injection. Due to improper sanitization of user input, an unauthenticated attacker is then able to perform various malicious actions, such as creating arbitrary accounts and spraying passwords.

CVE-2024-54851 sismics vulnerability CVSS: 0 29 Jan 2025, 22:15 UTC

Teedy <= 1.12 is vulnerable to Cross Site Request Forgery (CSRF), due to the lack of CSRF protection.

CVE-2024-46278 sismics vulnerability CVSS: 0 07 Oct 2024, 16:15 UTC

Teedy 1.11 is vulnerable to Cross Site Scripting (XSS) via the management console.

CVE-2023-4892 sismics vulnerability CVSS: 0 25 Sep 2023, 16:15 UTC

Teedy v1.11 has a vulnerability in its text editor that allows events to be executed in HTML tags that an attacker could manipulate. Thanks to this, it is possible to execute malicious JavaScript in the webapp.

CVE-2022-22115 sismics vulnerability CVSS: 3.5 10 Jan 2022, 16:15 UTC

In Teedy, versions v1.5 through v1.9 are vulnerable to Stored Cross-Site Scripting (XSS) in the name of a created Tag. Since the Tag name is not being sanitized properly in the edit tag page, a low privileged attacker can store malicious scripts in the name of the Tag. In the worst case, the victim who inadvertently triggers the attack is a highly privileged administrator. The injected scripts can extract the Session ID, which can lead to full Account Takeover of the administrator, and privilege escalation.

CVE-2022-22114 sismics vulnerability CVSS: 4.3 10 Jan 2022, 16:15 UTC

In Teedy, versions v1.5 through v1.9 are vulnerable to Reflected Cross-Site Scripting (XSS). The “search term” search functionality is not sufficiently sanitized while displaying the results of the search, which can be leveraged to inject arbitrary scripts. These scripts are executed in a victim’s browser when they enter the crafted URL. In the worst case, the victim who inadvertently triggers the attack is a highly privileged administrator. The injected scripts can extract the Session ID, which can lead to full Account Takeover of the administrator, by an unauthenticated attacker.