CVE-2026-0805
- EPSS 0.05%
- Veröffentlicht 30.01.2026 06:04:15
- Zuletzt bearbeitet 26.02.2026 19:57:06
An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal.
CVE-2026-0963
- EPSS 0.13%
- Veröffentlicht 30.01.2026 06:04:05
- Zuletzt bearbeitet 26.02.2026 19:54:36
An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal.
CVE-2025-14700
- EPSS 0.1%
- Veröffentlicht 17.12.2025 00:04:37
- Zuletzt bearbeitet 23.12.2025 21:17:59
An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attacker to perform remote code execution via Server Side Template Injection.
CVE-2025-14701
- EPSS 0.06%
- Veröffentlicht 17.12.2025 00:04:32
- Zuletzt bearbeitet 23.12.2025 21:22:47
An input neutralization vulnerability in the Server MOTD component of Crafty Controller allows a remote, unauthenticated attacker to perform stored XSS via server MOTD modification.
CVE-2025-5990
- EPSS 0.06%
- Veröffentlicht 15.06.2025 18:01:09
- Zuletzt bearbeitet 11.08.2025 18:46:35
An input neutralization vulnerability in the Server Name form and API Key form components of Crafty Controller allows a remote, authenticated attacker to perform stored XSS via malicious form input.
CVE-2024-1064
- EPSS 0.55%
- Veröffentlicht 03.02.2024 09:15:11
- Zuletzt bearbeitet 21.11.2024 08:49:42
A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service (DoS) condition via a modified host header