59 matches found
CVE-2026-5652
An insecure direct object reference vulnerability in the Users API component of Crafty Controller allows a remote, authenticated attacker to perform user modification actions via improper API permissions validation...
Arcadia Crafty Controller 安全漏洞
Arcadia Crafty Controller is a server management panel developed under the open-source Crafty Controller project. There is a security vulnerability in Arcadia Crafty Controller. This vulnerability stems from a lack of resilience to unexpected messages from connection switches, which may lead to...
EUVD-2026-24199
An insecure direct object reference vulnerability in the Users API component of Crafty Controller allows a remote, authenticated attacker to perform user modification actions via improper API permissions validation...
CVE-2026-5652
An insecure direct object reference vulnerability in the Users API component of Crafty Controller allows a remote, authenticated attacker to perform user modification actions via improper API permissions validation...
CVE-2026-5652 Authorization Bypass Through User-Controlled Key in Crafty Controller
An insecure direct object reference vulnerability in the Users API component of Crafty Controller allows a remote, authenticated attacker to perform user modification actions via improper API permissions validation...
CVE-2026-5652
An insecure direct object reference vulnerability in the Users API component of Crafty Controller allows a remote, authenticated attacker to perform user modification actions via improper API permissions validation...
CVE-2026-5652
CVE-2026-5652 affects Crafty Controller’s Users API component, enabling an authenticated remote attacker to perform user modification actions due to improper API permissions validation. Reported CVSS 3.1 base score 9.0 (CRITICAL) with network attack vector, low attack complexity, high confidentia...
CVE-2026-0963
An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...
CVE-2026-0963
An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...
CVE-2026-0805
An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...
CVE-2026-0805
CVE-2026-0805 affects Crafty Controller’s Backup Configuration component. The vulnerability is described as an input neutralization/path traversal weakness that could allow a remote, authenticated attacker to tamper files and achieve remote code execution. Reported CVSS v3.1 base score is 8.2 (HI...
CVE-2026-0805 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Crafty Controller
An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...
EUVD-2026-5043
An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...
CVE-2026-0805 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Crafty Controller
An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...
CVE-2026-0805 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Crafty Controller
An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...
CVE-2026-0963 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Crafty Controller
An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...
CVE-2026-0963 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Crafty Controller
An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...
EUVD-2026-5044
An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...
CVE-2026-0963 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Crafty Controller
An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...
CVE-2026-0963
The CVE-2026-0963 entry concerns Crafty Controller's File Operations API Endpoint, where an input neutralization flaw allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal. The vulnerability affects the File Operations API Endpoint componen...