Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5
CVE-2025-57430
- EPSS 0.06%
- Veröffentlicht 22.09.2025 00:00:00
- Zuletzt bearbeitet 14.10.2025 19:57:05
Creacast Creabox Manager 4.4.4 exposes sensitive configuration data via a publicly accessible endpoint /get. When accessed, this endpoint returns internal configuration including the creacodec.lua file, which contains plaintext admin credentials.
8.8
CVE-2025-57434
- EPSS 0.09%
- Veröffentlicht 22.09.2025 00:00:00
- Zuletzt bearbeitet 14.10.2025 19:56:03
Creacast Creabox Manager contains a critical authentication flaw that allows an attacker to bypass login validation. The system grants access when the username is creabox and the password begins with the string creacast, regardless of what follows.
8.8
CVE-2025-57439
- EPSS 0.2%
- Veröffentlicht 22.09.2025 00:00:00
- Zuletzt bearbeitet 17.10.2025 20:33:20
Creacast Creabox Manager 4.4.4 contains a critical Remote Code Execution vulnerability accessible via the edit.php endpoint. An authenticated attacker can inject arbitrary Lua code into the configuration, which is then executed on the server. This al...
1