Lucene search
K

59 matches found

CNNVD
CNNVD
added 2026/01/30 12:0 a.m.6 views

Crafty Controller path traversal vulnerability

Crafty Controller is a Minecraft server control panel/launcher for Arcadia. Crafty Controller has a path traversal vulnerability, which stems from an input validation flaw in the File Operations API Endpoint component. This vulnerability could allow authenticated remote attackers to manipulate...

9.9CVSS6.2AI score0.00681EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/30 12:0 a.m.11 views

PT-2026-5381

Name of the Vulnerable Software and Affected Versions Crafty Controller affected versions not specified Description An input neutralization issue exists in the File Operations API Endpoint component of Crafty Controller. A remote, authenticated attacker can exploit this to perform file tampering...

9.9CVSS6.4AI score0.00681EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/01/30 12:0 a.m.7 views

Crafty Controller path traversal vulnerability

Crafty Controller is a Minecraft server control panel/launcher for Arcadia. Crafty Controller has a path traversal vulnerability, which stems from an input validation issue in the Backup Configuration component. This vulnerability could allow authenticated remote attackers to manipulate files and...

8.8CVSS6.2AI score0.00599EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/30 12:0 a.m.12 views

PT-2026-5380

Name of the Vulnerable Software and Affected Versions Crafty Controller affected versions not specified Description An input neutralization weakness exists in the Backup Configuration component of Crafty Controller. A remote, authenticated attacker can exploit this to tamper with files and execut...

8.2CVSS6AI score0.00599EPSS
Exploits0References6
Packet Storm
Packet Storm
added 2025/12/23 12:0 a.m.431 views

📄 Crafty Controller 4.6.1 Remote Code Execution / Server-Side Template Injection

Crafty Controller version 4.6.1 allows authenticated remote attackers to execute arbitrary system commands on the target server through server-side template injection the webhook configuration feature...

9.9CVSS7.8AI score0.05995EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/12/18 12:35 a.m.4 views

CVE-2025-14700

An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attacker to perform remote code execution via Server Side Template Injection...

9.9CVSS8AI score0.05995EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/12/18 12:35 a.m.10 views

CVE-2025-14701

An input neutralization vulnerability in the Server MOTD component of Crafty Controller allows a remote, unauthenticated attacker to perform stored XSS via server MOTD modification...

7.1CVSS6.2AI score0.00245EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2025/12/17 8:10 p.m.169 views

Exploit for CVE-2025-14700

CVE-2025-14700 POC Automatic exploit for Authentic...

9.9CVSS7AI score0.05995EPSS
Exploits2
NVD
NVD
added 2025/12/17 1:15 a.m.7 views

CVE-2025-14701

An input neutralization vulnerability in the Server MOTD component of Crafty Controller allows a remote, unauthenticated attacker to perform stored XSS via server MOTD modification...

7.1CVSS0.00245EPSS
Exploits0References1
NVD
NVD
added 2025/12/17 1:15 a.m.10 views

CVE-2025-14700

An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attacker to perform remote code execution via Server Side Template Injection...

9.9CVSS0.05995EPSS
Exploits2References1
CVE
CVE
added 2025/12/17 12:4 a.m.21 views

CVE-2025-14700

CVE-2025-14700 affects Crafty Controller 4.6.1 in the Webhook Template component. The supplied documents describe an input neutralization vulnerability that enables authenticated attackers to achieve remote code execution via Server-Side Template Injection (SSTI). Multiple sources (NVD/Red Hat/CV...

9.9CVSS7.6AI score0.05995EPSS
Exploits2References1Affected Software1
EUVD
EUVD
added 2025/12/17 12:4 a.m.7 views

EUVD-2025-203859

An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attacker to perform remote code execution via Server Side Template Injection...

9.9CVSS7.4AI score0.05995EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2025/12/17 12:4 a.m.1 views

CVE-2025-14700 Improper Neutralization of Special Elements Used in a Template Engine in Crafty Controller

An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attacker to perform remote code execution via Server Side Template Injection...

9.9CVSS7.6AI score0.05995EPSS
Exploits2References1
Cvelist
Cvelist
added 2025/12/17 12:4 a.m.29 views

CVE-2025-14700 Improper Neutralization of Special Elements Used in a Template Engine in Crafty Controller

An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attacker to perform remote code execution via Server Side Template Injection...

9.9CVSS0.05995EPSS
Exploits2References1
OSV
OSV
added 2025/12/17 12:4 a.m.5 views

CVE-2025-14700 Improper Neutralization of Special Elements Used in a Template Engine in Crafty Controller

An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attacker to perform remote code execution via Server Side Template Injection...

9.9CVSS7.9AI score0.05995EPSS
Exploits2References3
CVE
CVE
added 2025/12/17 12:4 a.m.18 views

CVE-2025-14701

CVE-2025-14701 affects Crafty Controller’s Server MOTD component. The issue is improper input neutralization that enables a remote, unauthenticated attacker to perform stored XSS by modifying the server MOTD. CVSS v3.1 base score 7.1 (HIGH) with network attack vector, no privileges required, user...

7.1CVSS5.8AI score0.00245EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/17 12:4 a.m.2 views

CVE-2025-14701 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Crafty Controller

An input neutralization vulnerability in the Server MOTD component of Crafty Controller allows a remote, unauthenticated attacker to perform stored XSS via server MOTD modification...

7.1CVSS5.8AI score0.00245EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/17 12:4 a.m.29 views

CVE-2025-14701 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Crafty Controller

An input neutralization vulnerability in the Server MOTD component of Crafty Controller allows a remote, unauthenticated attacker to perform stored XSS via server MOTD modification...

7.1CVSS0.00245EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/17 12:4 a.m.5 views

EUVD-2025-203860

An input neutralization vulnerability in the Server MOTD component of Crafty Controller allows a remote, unauthenticated attacker to perform stored XSS via server MOTD modification...

7.1CVSS5.7AI score0.00245EPSS
Exploits0References2
OSV
OSV
added 2025/12/17 12:4 a.m.6 views

CVE-2025-14701 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Crafty Controller

An input neutralization vulnerability in the Server MOTD component of Crafty Controller allows a remote, unauthenticated attacker to perform stored XSS via server MOTD modification...

7.1CVSS6.1AI score0.00245EPSS
Exploits0References3
Rows per page
Query Builder