Lucene search
K

59 matches found

CNNVD
CNNVD
added 2025/12/17 12:0 a.m.4 views

Crafty Controller 安全漏洞

Crafty Controller is a Minecraft server control panel/launcher for Arcadia. A security vulnerability exists in Crafty Controller that stems from improper input neutralization of the Webhook Template component, which could lead to remote code execution via server-side template injection...

9.9CVSS7.7AI score0.05995EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.4 views

PT-2025-51795

Name of the Vulnerable Software and Affected Versions Crafty Controller affected versions not specified Description A flaw exists in the Server MOTD component of Crafty Controller that allows a remote, unauthenticated attacker to inject malicious code through modification of the server MOTD. This...

7.1CVSS5.7AI score0.00245EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/12/17 12:0 a.m.3 views

Crafty Controller 跨站脚本漏洞

Crafty Controller is a Minecraft server control panel/launcher for Arcadia. A cross-site scripting vulnerability exists in Crafty Controller that stems from improper neutralization of inputs to the Server MOTD component, which could lead to a stored cross-site scripting attack by modifying the...

7.1CVSS5.8AI score0.00245EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.9 views

PT-2025-51794

Name of the Vulnerable Software and Affected Versions Crafty Controller version 4.6.1 Description An input neutralization issue exists within the Webhook Template component of Crafty Controller. This allows a remote, authenticated attacker to execute code on the system through Server Side Templat...

9.9CVSS7.7AI score0.05995EPSS
Exploits2References10
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-16839

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00808EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-18347

Malicious code in bioql PyPI...

7.6CVSS6.5AI score0.00218EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/06/17 6:21 p.m.15 views

CVE-2025-5990

An input neutralization vulnerability in the Server Name form and API Key form components of Crafty Controller allows a remote, authenticated attacker to perform stored XSS via malicious form input...

7.6CVSS7AI score0.00218EPSS
Exploits1References1
NVD
NVD
added 2025/06/15 6:15 p.m.27 views

CVE-2025-5990

An input neutralization vulnerability in the Server Name form and API Key form components of Crafty Controller allows a remote, authenticated attacker to perform stored XSS via malicious form input...

7.6CVSS0.00218EPSS
Exploits1References1
CVE
CVE
added 2025/06/15 6:1 p.m.59 views

CVE-2025-5990

The CVE-2025-5990 entry concerns Crafty Controller. A stored XSS vulnerability arises from improper neutralization of input in the Server Name form and API Key form components, enabling a remote, authenticated attacker to inject malicious input. Technical details from PT-2025-25503 specify affect...

7.6CVSS7.1AI score0.00218EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/06/15 6:1 p.m.30 views

CVE-2025-5990 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Crafty Controller

An input neutralization vulnerability in the Server Name form and API Key form components of Crafty Controller allows a remote, authenticated attacker to perform stored XSS via malicious form input...

7.6CVSS0.00218EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/06/15 6:1 p.m.4 views

CVE-2025-5990 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Crafty Controller

An input neutralization vulnerability in the Server Name form and API Key form components of Crafty Controller allows a remote, authenticated attacker to perform stored XSS via malicious form input...

7.6CVSS5.7AI score0.00218EPSS
Exploits1References1
OSV
OSV
added 2025/06/15 6:1 p.m.6 views

CVE-2025-5990 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Crafty Controller

An input neutralization vulnerability in the Server Name form and API Key form components of Crafty Controller allows a remote, authenticated attacker to perform stored XSS via malicious form input...

7.6CVSS5.7AI score0.00218EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/06/15 12:0 a.m.4 views

Crafty Controller 跨站脚本漏洞

Crafty Controller is a Minecraft server control panel/launcher for Arcadia. A cross-site scripting vulnerability exists in Crafty Controller that stems from improperly neutralized inputs to the server name form and API key form components, which could lead to a stored cross-site scripting attack...

7.6CVSS5.8AI score0.00218EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/06/15 12:0 a.m.6 views

PT-2025-25503 · Unknown · Crafty Controller

Name of the Vulnerable Software and Affected Versions: Crafty Controller versions 4.2.2 through 4.2.3 Crafty Controller versions 4.3.0 through 4.3.2 Crafty Controller versions 4.4.0 through 4.4.9 Description: An input neutralization vulnerability in the Server Name form and API Key form component...

7.6CVSS5.1AI score0.00218EPSS
Exploits1References10
RedhatCVE
RedhatCVE
added 2025/02/05 5:35 a.m.7 views

CVE-2024-1064

A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service DoS condition via a modified host header...

7.5CVSS7.1AI score0.00808EPSS
Exploits1References1
Prion
Prion
added 2024/02/03 9:15 a.m.128 views

Design/Logic Flaw

A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service DoS condition via a modified host header...

5CVSS7.4AI score0.00808EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/02/03 9:2 a.m.61 views

CVE-2024-1064

Summary of CVE-2024-1064 (Crafty Controller) : The issue is a host header injection in the HTTP handler of Crafty Controller, enabling a remote, unauthenticated attacker to trigger a Denial of Service via a modified Host header. Reported CVSSv3.1 base score is 7.5 (HIGH) with NETWORK attack vecto...

7.5CVSS7.5AI score0.00808EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2024/02/03 12:0 a.m.6 views

Crafty Controller Security Vulnerability

Crafty Controller is a Minecraft server control panel/launcher. A security vulnerability exists in Crafty Controller that stems from the presence of a host header injection vulnerability that allows an unauthenticated, remote attacker to trigger a denial of service DoS via a modified host header...

7.5CVSS7.2AI score0.00808EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/02/03 12:0 a.m.5 views

PT-2024-16425 · Unknown · Crafty Controller

Name of the Vulnerable Software and Affected Versions: Crafty Controller affected versions not specified Description: A host header injection issue in the HTTP handler component allows a remote, unauthenticated attacker to trigger a Denial of Service DoS condition via a modified host header...

7.5CVSS7.5AI score0.00808EPSS
Exploits1References7
Rows per page
Query Builder