59 matches found
Crafty Controller 安全漏洞
Crafty Controller is a Minecraft server control panel/launcher for Arcadia. A security vulnerability exists in Crafty Controller that stems from improper input neutralization of the Webhook Template component, which could lead to remote code execution via server-side template injection...
PT-2025-51795
Name of the Vulnerable Software and Affected Versions Crafty Controller affected versions not specified Description A flaw exists in the Server MOTD component of Crafty Controller that allows a remote, unauthenticated attacker to inject malicious code through modification of the server MOTD. This...
Crafty Controller 跨站脚本漏洞
Crafty Controller is a Minecraft server control panel/launcher for Arcadia. A cross-site scripting vulnerability exists in Crafty Controller that stems from improper neutralization of inputs to the Server MOTD component, which could lead to a stored cross-site scripting attack by modifying the...
PT-2025-51794
Name of the Vulnerable Software and Affected Versions Crafty Controller version 4.6.1 Description An input neutralization issue exists within the Webhook Template component of Crafty Controller. This allows a remote, authenticated attacker to execute code on the system through Server Side Templat...
EUVD-2024-16839
Malicious code in bioql PyPI...
EUVD-2025-18347
Malicious code in bioql PyPI...
CVE-2025-5990
An input neutralization vulnerability in the Server Name form and API Key form components of Crafty Controller allows a remote, authenticated attacker to perform stored XSS via malicious form input...
CVE-2025-5990
An input neutralization vulnerability in the Server Name form and API Key form components of Crafty Controller allows a remote, authenticated attacker to perform stored XSS via malicious form input...
CVE-2025-5990
The CVE-2025-5990 entry concerns Crafty Controller. A stored XSS vulnerability arises from improper neutralization of input in the Server Name form and API Key form components, enabling a remote, authenticated attacker to inject malicious input. Technical details from PT-2025-25503 specify affect...
CVE-2025-5990 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Crafty Controller
An input neutralization vulnerability in the Server Name form and API Key form components of Crafty Controller allows a remote, authenticated attacker to perform stored XSS via malicious form input...
CVE-2025-5990 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Crafty Controller
An input neutralization vulnerability in the Server Name form and API Key form components of Crafty Controller allows a remote, authenticated attacker to perform stored XSS via malicious form input...
CVE-2025-5990 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Crafty Controller
An input neutralization vulnerability in the Server Name form and API Key form components of Crafty Controller allows a remote, authenticated attacker to perform stored XSS via malicious form input...
Crafty Controller 跨站脚本漏洞
Crafty Controller is a Minecraft server control panel/launcher for Arcadia. A cross-site scripting vulnerability exists in Crafty Controller that stems from improperly neutralized inputs to the server name form and API key form components, which could lead to a stored cross-site scripting attack...
PT-2025-25503 · Unknown · Crafty Controller
Name of the Vulnerable Software and Affected Versions: Crafty Controller versions 4.2.2 through 4.2.3 Crafty Controller versions 4.3.0 through 4.3.2 Crafty Controller versions 4.4.0 through 4.4.9 Description: An input neutralization vulnerability in the Server Name form and API Key form component...
CVE-2024-1064
A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service DoS condition via a modified host header...
Design/Logic Flaw
A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service DoS condition via a modified host header...
CVE-2024-1064
Summary of CVE-2024-1064 (Crafty Controller) : The issue is a host header injection in the HTTP handler of Crafty Controller, enabling a remote, unauthenticated attacker to trigger a Denial of Service via a modified Host header. Reported CVSSv3.1 base score is 7.5 (HIGH) with NETWORK attack vecto...
Crafty Controller Security Vulnerability
Crafty Controller is a Minecraft server control panel/launcher. A security vulnerability exists in Crafty Controller that stems from the presence of a host header injection vulnerability that allows an unauthenticated, remote attacker to trigger a denial of service DoS via a modified host header...
PT-2024-16425 · Unknown · Crafty Controller
Name of the Vulnerable Software and Affected Versions: Crafty Controller affected versions not specified Description: A host header injection issue in the HTTP handler component allows a remote, unauthenticated attacker to trigger a Denial of Service DoS condition via a modified host header...