Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-14701 | 1 Craftycontrol | 1 Crafty Controller | 2025-12-23 | N/A | 7.1 HIGH |
| An input neutralization vulnerability in the Server MOTD component of Crafty Controller allows a remote, unauthenticated attacker to perform stored XSS via server MOTD modification. | |||||
| CVE-2025-14700 | 1 Craftycontrol | 1 Crafty Controller | 2025-12-23 | N/A | 9.9 CRITICAL |
| An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attacker to perform remote code execution via Server Side Template Injection. | |||||
| CVE-2025-5990 | 1 Craftycontrol | 1 Crafty Controller | 2025-08-11 | N/A | 7.6 HIGH |
| An input neutralization vulnerability in the Server Name form and API Key form components of Crafty Controller allows a remote, authenticated attacker to perform stored XSS via malicious form input. | |||||
| CVE-2024-1064 | 1 Craftycontrol | 1 Crafty Controller | 2024-11-21 | N/A | 7.5 HIGH |
| A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service (DoS) condition via a modified host header | |||||