Lucene search
K

152 matches found

RedhatCVE
RedhatCVE
added 2025/06/17 6:21 p.m.15 views

CVE-2025-5990

An input neutralization vulnerability in the Server Name form and API Key form components of Crafty Controller allows a remote, authenticated attacker to perform stored XSS via malicious form input...

7.6CVSS7AI score0.00218EPSS
Exploits1References1
NVD
NVD
added 2025/06/15 6:15 p.m.27 views

CVE-2025-5990

An input neutralization vulnerability in the Server Name form and API Key form components of Crafty Controller allows a remote, authenticated attacker to perform stored XSS via malicious form input...

7.6CVSS0.00218EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/06/15 6:1 p.m.4 views

CVE-2025-5990 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Crafty Controller

An input neutralization vulnerability in the Server Name form and API Key form components of Crafty Controller allows a remote, authenticated attacker to perform stored XSS via malicious form input...

7.6CVSS5.7AI score0.00218EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/06/15 6:1 p.m.31 views

CVE-2025-5990 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Crafty Controller

An input neutralization vulnerability in the Server Name form and API Key form components of Crafty Controller allows a remote, authenticated attacker to perform stored XSS via malicious form input...

7.6CVSS0.00218EPSS
Exploits1References1
CVE
CVE
added 2025/06/15 6:1 p.m.60 views

CVE-2025-5990

The CVE-2025-5990 entry concerns Crafty Controller. A stored XSS vulnerability arises from improper neutralization of input in the Server Name form and API Key form components, enabling a remote, authenticated attacker to inject malicious input. Technical details from PT-2025-25503 specify affect...

7.6CVSS7.1AI score0.00218EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2025/06/15 6:1 p.m.6 views

CVE-2025-5990 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Crafty Controller

An input neutralization vulnerability in the Server Name form and API Key form components of Crafty Controller allows a remote, authenticated attacker to perform stored XSS via malicious form input...

7.6CVSS5.7AI score0.00218EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/06/15 12:0 a.m.7 views

PT-2025-25503 · Unknown · Crafty Controller

Name of the Vulnerable Software and Affected Versions: Crafty Controller versions 4.2.2 through 4.2.3 Crafty Controller versions 4.3.0 through 4.3.2 Crafty Controller versions 4.4.0 through 4.4.9 Description: An input neutralization vulnerability in the Server Name form and API Key form component...

7.6CVSS5.1AI score0.00218EPSS
Exploits1References10
CNNVD
CNNVD
added 2025/06/15 12:0 a.m.4 views

Crafty Controller 跨站脚本漏洞

Crafty Controller is a Minecraft server control panel/launcher for Arcadia. A cross-site scripting vulnerability exists in Crafty Controller that stems from improperly neutralized inputs to the server name form and API key form components, which could lead to a stored cross-site scripting attack...

7.6CVSS5.8AI score0.00218EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/22 9:59 a.m.12 views

CVE-2011-3723

Crafty Syntax 3.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by READMEFILES/livehelp.php and certain other files...

5CVSS6.5AI score0.01335EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:53 a.m.6 views

CVE-2017-18578

The crafty-social-buttons plugin before 1.5.8 for WordPress has XSS...

6.1CVSS7.1AI score0.00905EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 5:35 a.m.8 views

CVE-2024-1064

A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service DoS condition via a modified host header...

7.5CVSS7.1AI score0.00808EPSS
Exploits1References1
CVE
CVE
added 2024/08/15 12:0 a.m.60 views

CVE-2024-42981

The CVE-2024-42981 vulnerability affects Tenda FH1206 v02.03.01.35. Root cause: a stack overflow in the delno parameter of the fromPptpUserSetting function, exploitable via a crafted POST request, leading to Denial of Service. Connected sources consistently describe the same issue across multiple...

7.5CVSS7.6AI score0.00552EPSS
Exploits1References1Affected Software1
The Hacker News
The Hacker News
added 2024/03/13 10:14 a.m.31 views

Researchers Highlight Google's Gemini AI Susceptibility to LLM Threats

Google's Gemini large language model LLM is susceptible to security threats that could cause it to divulge system prompts, generate harmful content, and carry out indirect injection attacks. The findings come from HiddenLayer, which said the issues impact consumers using Gemini Advanced with Goog...

7.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2024/02/16 10:57 a.m.7 views

craftypint.com Cross Site Scripting vulnerability OBB-3853434

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Prion
Prion
added 2024/02/03 9:15 a.m.130 views

Design/Logic Flaw

A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service DoS condition via a modified host header...

5CVSS7.4AI score0.00808EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/02/03 9:2 a.m.61 views

CVE-2024-1064

Summary of CVE-2024-1064 (Crafty Controller) : The issue is a host header injection in the HTTP handler of Crafty Controller, enabling a remote, unauthenticated attacker to trigger a Denial of Service via a modified Host header. Reported CVSSv3.1 base score is 7.5 (HIGH) with NETWORK attack vecto...

7.5CVSS7.5AI score0.00808EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/02/03 12:0 a.m.6 views

PT-2024-16425 · Unknown · Crafty Controller

Name of the Vulnerable Software and Affected Versions: Crafty Controller affected versions not specified Description: A host header injection issue in the HTTP handler component allows a remote, unauthenticated attacker to trigger a Denial of Service DoS condition via a modified host header...

7.5CVSS7.5AI score0.00808EPSS
Exploits1References7
CNNVD
CNNVD
added 2024/02/03 12:0 a.m.7 views

Crafty Controller Security Vulnerability

Crafty Controller is a Minecraft server control panel/launcher. A security vulnerability exists in Crafty Controller that stems from the presence of a host header injection vulnerability that allows an unauthenticated, remote attacker to trigger a denial of service DoS via a modified host header...

7.5CVSS7.2AI score0.00808EPSS
Exploits1References2
NVD
NVD
added 2023/04/19 4:15 a.m.22 views

CVE-2023-2135

Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

7.5CVSS7.8AI score0.01EPSS
Exploits0References10
Prion
Prion
added 2022/08/01 1:15 p.m.12 views

Code injection

Lura and KrakenD-CE versions older than v2.0.2 and KrakenD-EE versions older than v2.0.0 do not sanitize URL parameters correctly, allowing a malicious user to alter the backend URL defined for a pipe when remote users send crafty URL requests. The vulnerability does not affect KrakenD itself, bu...

4CVSS4.8AI score0.00504EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder