Lucene search
K

20 matches found

NVD
NVD
added 2025/12/08 10:15 p.m.5 views

CVE-2025-14276

A vulnerability was determined in Ilevia EVE X1 Server up to 4.6.5.0.eden. Impacted is an unknown function of the file /ajax/php/leafsearch.php. This manipulation of the argument line causes command injection. The attack can be initiated remotely. A high degree of complexity is needed for the...

6.3CVSS0.01455EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/12/08 12:0 a.m.9 views

PT-2025-49597

A vulnerability was determined in Ilevia EVE X1 Server up to 4.6.5.0.eden. Impacted is an unknown function of the file /ajax/php/leaf search.php. This manipulation of the argument line causes command injection. The attack can be initiated remotely. A high degree of complexity is needed for the...

6.3CVSS6.7AI score0.01455EPSS
Exploits0References5
NVD
NVD
added 2025/11/20 4:15 p.m.7 views

CVE-2025-60738

An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before Logic Version v6.00 - 20250721 and before allows a remote attacker to execute arbitrary code via the ping.php component does not perform secure filtering on IP parameters...

9.8CVSS0.00896EPSS
Exploits2References1
Packet Storm
Packet Storm
added 2025/11/03 12:0 a.m.111 views

📄 Ilevia EVE X1/X5 Server 4.7.18.0.eden Default Credentials

Ilevia EVE X1/X5 Server version 4.7.18.0.eden uses a weak set of default administrative credentials that can be found and used to gain full control of the system. Ilevia EVE X1/X5 Server 4.7.18.0.eden Default Credentials Vendor: Ilevia Srl. Product web page: https://www.ilevia.com Affected versio...

9.8CVSS7.2AI score0.00533EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2025/11/03 12:0 a.m.167 views

Ilevia EVE X1/X5 Server 4.7.18.0.eden Default Credentials

Summary EVE is a smart home and building automation solution designed for both residential and commercial environments, including malls, hotels, restaurants, bars, gyms, spas, boardrooms, and offices. It enables comprehensive control and monitoring of electrical installations through a highly...

9.8CVSS5.8AI score0.00533EPSS
Exploits2
CVE
CVE
added 2025/10/16 5:56 p.m.16 views

CVE-2025-34517

Ilevia EVE X1 Server firmware

8.7CVSS6.5AI score0.00599EPSS
Exploits3References3Affected Software1
CVE
CVE
added 2025/10/16 5:56 p.m.19 views

CVE-2025-34514

The CVE-2025-34514 entry concerns Ilevia EVE X1 Server firmware ≤ 4.7.18.0.eden, where authenticated users can trigger OS command injections via multiple web‑accessible PHP scripts that call exec(). Several connected sources document authenticated remote command injection, with PoC material indic...

8.8CVSS7.7AI score0.02071EPSS
Exploits3References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/16 5:55 p.m.3 views

CVE-2025-34512 Ilevia EVE X1 Server 4.7.18.0.eden Reflected XSS

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a reflected cross-site scripting XSS vulnerability in index.php that allows an unauthenticated attacker to execute arbitrary script in the victim's browser. Ilevia has declined to service this vulnerability, and recommends that...

5.1CVSS5.9AI score0.00371EPSS
Exploits3References3
CVE
CVE
added 2025/10/16 5:55 p.m.13 views

CVE-2025-34512

The CVE-2025-34512 entry affects Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden, with multiple publicly disclosed issues summarized in connected documents: a pre-authentication file disclosure via the db_log POST parameter; an unauthenticated OS command injection in /ajax/php/login.php vi...

6.1CVSS5.9AI score0.00371EPSS
Exploits3References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/16 5:55 p.m.4 views

CVE-2025-34518 Ilevia EVE X1 Server 4.7.18.0.eden Relative Path Traversal

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a relative path traversal vulnerability in getfilecontent.php that allows an attacker to read arbitrary files. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet...

8.7CVSS6.5AI score0.00599EPSS
Exploits3References3
EUVD
EUVD
added 2025/10/16 5:53 p.m.4 views

EUVD-2025-34801

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an OS command injection vulnerability in mbusbuildfromcsv.php that allows an unauthenticated attacker to execute arbitrary code. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to...

9.3CVSS7.7AI score0.07616EPSS
Exploits3References5
Vulnrichment
Vulnrichment
added 2025/10/16 5:52 p.m.4 views

CVE-2025-34516 Ilevia EVE X1 Server 4.7.18.0.eden Use of Default Credentials

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a use of default credentials vulnerability that allows an unauthenticated attacker to obtain remote access. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet...

9.3CVSS6.7AI score0.00533EPSS
Exploits2References3
CNNVD
CNNVD
added 2025/10/16 12:0 a.m.5 views

Ilevia EVE X1 Server 安全漏洞

Ilevia EVE X1 Server is a smart home and building automation from Ilevia, Italy. A security vulnerability exists in Ilevia EVE X1 Server 4.7.18.0.eden and earlier versions, which stems from the presence of absolute path traversal in getfilecontent.php, which could lead to reading arbitrary files...

8.7CVSS6.7AI score0.00599EPSS
Exploits3References4
CNNVD
CNNVD
added 2025/10/16 12:0 a.m.5 views

Ilevia EVE X1 Server 安全漏洞

Ilevia EVE X1 Server is a smart home and building automation from Ilevia, Italy. A security vulnerability exists in Ilevia EVE X1 Server 4.7.18.0.eden and prior versions, which stems from a reflected cross-site scripting vulnerability in index.php that could lead to the execution of arbitrary cod...

6.1CVSS6.2AI score0.00371EPSS
Exploits3References4
RedhatCVE
RedhatCVE
added 2025/09/18 8:29 p.m.9 views

CVE-2025-34184

Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Remote attackers can execute arbitrary system commands by injecting payloads into the 'passwd' HTTP POST parameter, leading to full system compromise or...

9.8CVSS8.3AI score0.02743EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2025/09/16 7:44 p.m.3 views

CVE-2025-34185 Ilevia EVE X1 Server 4.7.18.0.eden Unauthenticated File Disclosure

Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains a pre-authentication file disclosure vulnerability via the 'dblog' POST parameter. Remote attackers can retrieve arbitrary files from the server, exposing sensitive system information and credentials...

8.7CVSS6.3AI score0.00793EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/09/16 7:40 p.m.8 views

CVE-2025-34184 Ilevia EVE X1 Server 4.7.18.0.eden Neuro-Core Unauthenticated Code Injection

Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Remote attackers can execute arbitrary system commands by injecting payloads into the 'passwd' HTTP POST parameter, leading to full system compromise or...

9.3CVSS0.02743EPSS
Exploits2References4
GithubExploit
GithubExploit
added 2025/08/22 6:8 a.m.156 views

Exploit for CVE-2025-60739

ilevia-EVE-X1-Server-CSRF ilevia EVE X1 Server /bhwebbackend...

6.4AI score0.00276EPSS
Exploits4
Zero Science Lab
Zero Science Lab
added 2025/08/19 12:0 a.m.294 views

Ilevia EVE X1 Server 4.7.18.0.eden Credentials Leak Through Log Disclosure

Summary EVE is a smart home and building automation solution designed for both residential and commercial environments, including malls, hotels, restaurants, bars, gyms, spas, boardrooms, and offices. It enables comprehensive control and monitoring of electrical installations through a highly...

9.3CVSS5.8AI score0.00655EPSS
Exploits2
Packet Storm
Packet Storm
added 2025/07/31 12:0 a.m.105 views

📄 Ilevia EVE X1 Server 4.7.18.0.eden Command Injection

iIlevia EVE X1 Server versions 4.7.18.0.eden and below suffer from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the passwd HTTP POST parameter in the /ajax/php/login.php script. !/usr/bin/env python Ilevia EVE ...

8.7AI score
Exploits0
Rows per page
Query Builder