155 matches found
EUVD-2025-199599
Cross Site Request Forgery CSRF vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 20250721 allows a remote attacker to execute arbitrary code via the /bhwebbackend component...
CVE-2025-60739
Cross Site Request Forgery CSRF vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 20250721 allows a remote attacker to execute arbitrary code via the /bhwebbackend component...
CVE-2025-60739
Cross Site Request Forgery CSRF vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 20250721 allows a remote attacker to execute arbitrary code via the /bhwebbackend component...
CVE-2025-60739
Cross Site Request Forgery CSRF vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 20250721 allows a remote attacker to execute arbitrary code via the /bhwebbackend component...
CVE-2025-60739
Cross Site Request Forgery CSRF vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 20250721 allows a remote attacker to execute arbitrary code via the /bhwebbackend component...
CVE-2025-60738
An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before Logic Version v6.00 - 20250721 and before allows a remote attacker to execute arbitrary code via the ping.php component does not perform secure filtering on IP parameters...
CVE-2025-60737
Cross Site Scripting vulnerability in Ilevia EVE X1 Server Firmware Version= 4.7.18.0.eden:Logic Version=6.00 - 20250721 allows a remote attacker to execute arbitrary code via the /index.php component...
CVE-2025-60737
Cross Site Scripting vulnerability in Ilevia EVE X1 Server Firmware Version= 4.7.18.0.eden:Logic Version=6.00 - 20250721 allows a remote attacker to execute arbitrary code via the /index.php component...
CVE-2025-60738
An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before Logic Version v6.00 - 20250721 and before allows a remote attacker to execute arbitrary code via the ping.php component does not perform secure filtering on IP parameters...
CVE-2025-60737
Cross Site Scripting vulnerability in Ilevia EVE X1 Server Firmware Version= 4.7.18.0.eden:Logic Version=6.00 - 20250721 allows a remote attacker to execute arbitrary code via the /index.php component...
EUVD-2025-198312
Cross Site Scripting vulnerability in Ilevia EVE X1 Server Firmware Version= 4.7.18.0.eden:Logic Version=6.00 - 20250721 allows a remote attacker to execute arbitrary code via the /index.php component...
PT-2025-47592
Cross Site Scripting vulnerability in Ilevia EVE X1 Server Firmware Version= 4.7.18.0.eden:Logic Version=6.00 - 2025 07 21 allows a remote attacker to execute arbitrary code via the /index.php component...
CVE-2025-60738
Affected product/versions: Ilevia EVE X1 Server Firmware v4.7.18.0.eden and prior, with Logic v6.00 - 2025_07_21 and before. Vulnerability: remote code execution via the ping.php component due to inadequate filtering of IP parameters, enabling arbitrary code execution. Impact: high impact (critic...
CVE-2025-60737
CVE-2025-60737 concerns a Cross Site Scripting vulnerability in the Ilevia EVE X1 Server Firmware (versions <= 4.7.18.0.eden:Logic
Ilevia EVE X1/X5 Server 4.7.18.0.eden Authenticated Remote Command Injections
Summary EVE is a smart home and building automation solution designed for both residential and commercial environments, including malls, hotels, restaurants, bars, gyms, spas, boardrooms, and offices. It enables comprehensive control and monitoring of electrical installations through a highly...
CVE-2025-34519
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an insecure hashing algorithm vulnerability. The product stores passwords using the MD5 hash function without applying a per‑password salt. Because MD5 is a fast, unsalted hash, an attacker who obtains the password database can...
📄 Ilevia EVE X1 Server 4.7.18.0.eden Cross Site Scripting
Ilevia EVE X1 Server versions 4.7.18.0.eden and below suffer from a reflective cross site scripting vulnerability. Ilevia EVE X1 Server 4.7.18.0.eden Unauthenticated Reflected XSS Vendor: Ilevia Srl. Product web page: https://www.ilevia.com Affected version: =4.7.18.0.eden Summary: EVE is a smart...
CVE-2025-34516
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a use of default credentials vulnerability that allows an unauthenticated attacker to obtain remote access. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet...
CVE-2025-34517
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an absolute path traversal vulnerability in getfilecontent.php that allows an attacker to read arbitrary files. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet...
CVE-2025-34514
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain authenticated OS command injection vulnerabilities in multiple web-accessible PHP scripts that call exec and allow an authenticated attacker to execute arbitrary commands. Ilevia has declined to service this vulnerability, and...