131 matches found
Exploit for Cross-Site Request Forgery (CSRF) in Ilevia Eve_X1_Server_Firmware
No d...
📄 Ilevia EVE X1/X5 Server 4.7.18.0.eden Root Privilege Escalation
A critical privilege escalation vulnerability exists in Ilevia EVE X1/X5 Server versions 4.7.18.0.eden and below. This is a proof of concept exploit written in PHP...
CVE-2025-14276
A vulnerability was determined in Ilevia EVE X1 Server up to 4.6.5.0.eden. Impacted is an unknown function of the file /ajax/php/leafsearch.php. This manipulation of the argument line causes command injection. The attack can be initiated remotely. A high degree of complexity is needed for the...
EUVD-2025-201816
A vulnerability was determined in Ilevia EVE X1 Server up to 4.6.5.0.eden. Impacted is an unknown function of the file /ajax/php/leafsearch.php. This manipulation of the argument line causes command injection. The attack can be initiated remotely. A high degree of complexity is needed for the...
CVE-2025-14276
A vulnerability was determined in Ilevia EVE X1 Server up to 4.6.5.0.eden. Impacted is an unknown function of the file /ajax/php/leafsearch.php. This manipulation of the argument line causes command injection. The attack can be initiated remotely. A high degree of complexity is needed for the...
CVE-2025-14276 Ilevia EVE X1 Server leaf_search.php command injection
A vulnerability was determined in Ilevia EVE X1 Server up to 4.6.5.0.eden. Impacted is an unknown function of the file /ajax/php/leafsearch.php. This manipulation of the argument line causes command injection. The attack can be initiated remotely. A high degree of complexity is needed for the...
CVE-2025-14276 Ilevia EVE X1 Server leaf_search.php command injection
A vulnerability was determined in Ilevia EVE X1 Server up to 4.6.5.0.eden. Impacted is an unknown function of the file /ajax/php/leafsearch.php. This manipulation of the argument line causes command injection. The attack can be initiated remotely. A high degree of complexity is needed for the...
CVE-2025-14276
CVE-2025-14276 affects Ilevia EVE X1 Server (versions up to 4.6.5.0.eden). The vulnerability is described as a command injection in an unknown function of the file /ajax/php/leaf_search.php, caused by manipulation of the argument line. It can be triggered remotely, with a high attack complexity a...
Ilevia EVE X1 Server 命令注入漏洞
Ilevia EVE X1 Server is a smart home and building automation from Ilevia, Italy. A command injection vulnerability exists in Ilevia EVE X1 Server version 4.6.5.0.eden and prior versions, which stems from incorrect manipulation of the parameter line in the file /ajax/php/leafsearch.php, which coul...
CVE-2025-60739
Cross Site Request Forgery CSRF vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 20250721 allows a remote attacker to execute arbitrary code via the /bhwebbackend component...
EUVD-2025-199599
Cross Site Request Forgery CSRF vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 20250721 allows a remote attacker to execute arbitrary code via the /bhwebbackend component...
CVE-2025-60739
Cross Site Request Forgery CSRF vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 20250721 allows a remote attacker to execute arbitrary code via the /bhwebbackend component...
CVE-2025-60739
Cross Site Request Forgery CSRF vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 20250721 allows a remote attacker to execute arbitrary code via the /bhwebbackend component...
CVE-2025-60739
CVE-2025-60739 is a Cross-Site Request Forgery (CSRF) vulnerability affecting Ilevia EVE X1 Server Firmware versions prior to v4.7.18.0.eden and Ilevia EVE Logic prior to v6.00 - 2025_07_21. The issue is exploitable through the /bh_web_backend component, enabling a remote attacker to execute arbi...
Ilevia EVE X1 Server 安全漏洞
Ilevia EVE X1 Server is a smart home and building automation from Ilevia, Italy. A security vulnerability exists in Ilevia EVE X1 Server v4.7.18.0.eden and prior versions, which stems from a cross-site request forgery in the bhwebbackend component and could lead to arbitrary code execution...
PT-2025-48040
Name of the Vulnerable Software and Affected Versions Ilevia EVE X1 Server Firmware versions prior to v4.7.18.0.eden Ilevia EVE Logic versions prior to v6.00 - 2025 07 21 Description A Cross Site Request Forgery CSRF issue exists in the /bh web backend component. This allows a remote attacker to...
CVE-2025-60739
Cross Site Request Forgery CSRF vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 20250721 allows a remote attacker to execute arbitrary code via the /bhwebbackend component...
CVE-2025-60737
Cross Site Scripting vulnerability in Ilevia EVE X1 Server Firmware Version= 4.7.18.0.eden:Logic Version=6.00 - 20250721 allows a remote attacker to execute arbitrary code via the /index.php component...
CVE-2025-60738
An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before Logic Version v6.00 - 20250721 and before allows a remote attacker to execute arbitrary code via the ping.php component does not perform secure filtering on IP parameters...
EUVD-2025-198313
An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before Logic Version v6.00 - 20250721 and before allows a remote attacker to execute arbitrary code via the ping.php component does not perform secure filtering on IP parameters...