Lucene search
K

155 matches found

EUVD
EUVD
added 2025/11/25 6:32 p.m.4 views

EUVD-2025-199599

Cross Site Request Forgery CSRF vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 20250721 allows a remote attacker to execute arbitrary code via the /bhwebbackend component...

9.6CVSS7.3AI score0.00276EPSS
Exploits4References2
NVD
NVD
added 2025/11/25 4:16 p.m.7 views

CVE-2025-60739

Cross Site Request Forgery CSRF vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 20250721 allows a remote attacker to execute arbitrary code via the /bhwebbackend component...

9.6CVSS0.00276EPSS
Exploits4References1
OSV
OSV
added 2025/11/25 4:16 p.m.4 views

CVE-2025-60739

Cross Site Request Forgery CSRF vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 20250721 allows a remote attacker to execute arbitrary code via the /bhwebbackend component...

9.6CVSS6.2AI score0.00276EPSS
Exploits4References1
Cvelist
Cvelist
added 2025/11/25 12:0 a.m.11 views

CVE-2025-60739

Cross Site Request Forgery CSRF vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 20250721 allows a remote attacker to execute arbitrary code via the /bhwebbackend component...

0.00276EPSS
Exploits4References1
Vulnrichment
Vulnrichment
added 2025/11/25 12:0 a.m.6 views

CVE-2025-60739

Cross Site Request Forgery CSRF vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 20250721 allows a remote attacker to execute arbitrary code via the /bhwebbackend component...

7.4AI score0.00276EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2025/11/21 12:18 a.m.18 views

CVE-2025-60738

An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before Logic Version v6.00 - 20250721 and before allows a remote attacker to execute arbitrary code via the ping.php component does not perform secure filtering on IP parameters...

9.8CVSS8AI score0.00896EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/11/21 12:18 a.m.16 views

CVE-2025-60737

Cross Site Scripting vulnerability in Ilevia EVE X1 Server Firmware Version= 4.7.18.0.eden:Logic Version=6.00 - 20250721 allows a remote attacker to execute arbitrary code via the /index.php component...

6.1CVSS7.2AI score0.0027EPSS
Exploits1References1
OSV
OSV
added 2025/11/20 4:15 p.m.4 views

CVE-2025-60737

Cross Site Scripting vulnerability in Ilevia EVE X1 Server Firmware Version= 4.7.18.0.eden:Logic Version=6.00 - 20250721 allows a remote attacker to execute arbitrary code via the /index.php component...

6.1CVSS6.1AI score0.0027EPSS
Exploits1References1
NVD
NVD
added 2025/11/20 4:15 p.m.9 views

CVE-2025-60738

An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before Logic Version v6.00 - 20250721 and before allows a remote attacker to execute arbitrary code via the ping.php component does not perform secure filtering on IP parameters...

9.8CVSS0.00896EPSS
Exploits2References1
Cvelist
Cvelist
added 2025/11/20 12:0 a.m.11 views

CVE-2025-60737

Cross Site Scripting vulnerability in Ilevia EVE X1 Server Firmware Version= 4.7.18.0.eden:Logic Version=6.00 - 20250721 allows a remote attacker to execute arbitrary code via the /index.php component...

0.0027EPSS
Exploits1References1
EUVD
EUVD
added 2025/11/20 12:0 a.m.8 views

EUVD-2025-198312

Cross Site Scripting vulnerability in Ilevia EVE X1 Server Firmware Version= 4.7.18.0.eden:Logic Version=6.00 - 20250721 allows a remote attacker to execute arbitrary code via the /index.php component...

6.7AI score0.0027EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/11/20 12:0 a.m.8 views

PT-2025-47592

Cross Site Scripting vulnerability in Ilevia EVE X1 Server Firmware Version= 4.7.18.0.eden:Logic Version=6.00 - 2025 07 21 allows a remote attacker to execute arbitrary code via the /index.php component...

7.2AI score0.0027EPSS
Exploits1References2
CVE
CVE
added 2025/11/20 12:0 a.m.18 views

CVE-2025-60738

Affected product/versions: Ilevia EVE X1 Server Firmware v4.7.18.0.eden and prior, with Logic v6.00 - 2025_07_21 and before. Vulnerability: remote code execution via the ping.php component due to inadequate filtering of IP parameters, enabling arbitrary code execution. Impact: high impact (critic...

9.8CVSS7.6AI score0.00896EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2025/11/20 12:0 a.m.18 views

CVE-2025-60737

CVE-2025-60737 concerns a Cross Site Scripting vulnerability in the Ilevia EVE X1 Server Firmware (versions <= 4.7.18.0.eden:Logic

6.1CVSS6.8AI score0.0027EPSS
Exploits1References1Affected Software1
Zero Science Lab
Zero Science Lab
added 2025/11/13 12:0 a.m.181 views

Ilevia EVE X1/X5 Server 4.7.18.0.eden Authenticated Remote Command Injections

Summary EVE is a smart home and building automation solution designed for both residential and commercial environments, including malls, hotels, restaurants, bars, gyms, spas, boardrooms, and offices. It enables comprehensive control and monitoring of electrical installations through a highly...

8.8CVSS6AI score0.02071EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2025/10/17 6:44 p.m.18 views

CVE-2025-34519

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an insecure hashing algorithm vulnerability. The product stores passwords using the MD5 hash function without applying a per‑password salt. Because MD5 is a fast, unsalted hash, an attacker who obtains the password database can...

8.2CVSS7.1AI score0.0028EPSS
Exploits2References1
Packet Storm
Packet Storm
added 2025/10/17 12:0 a.m.154 views

📄 Ilevia EVE X1 Server 4.7.18.0.eden Cross Site Scripting

Ilevia EVE X1 Server versions 4.7.18.0.eden and below suffer from a reflective cross site scripting vulnerability. Ilevia EVE X1 Server 4.7.18.0.eden Unauthenticated Reflected XSS Vendor: Ilevia Srl. Product web page: https://www.ilevia.com Affected version: =4.7.18.0.eden Summary: EVE is a smart...

6.1CVSS6.4AI score0.00371EPSS
Exploits3
OSV
OSV
added 2025/10/16 6:15 p.m.6 views

CVE-2025-34516

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a use of default credentials vulnerability that allows an unauthenticated attacker to obtain remote access. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet...

9.8CVSS5.8AI score0.00533EPSS
Exploits2References3
NVD
NVD
added 2025/10/16 6:15 p.m.6 views

CVE-2025-34517

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an absolute path traversal vulnerability in getfilecontent.php that allows an attacker to read arbitrary files. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet...

8.7CVSS0.00599EPSS
Exploits3References3
NVD
NVD
added 2025/10/16 6:15 p.m.9 views

CVE-2025-34514

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain authenticated OS command injection vulnerabilities in multiple web-accessible PHP scripts that call exec and allow an authenticated attacker to execute arbitrary commands. Ilevia has declined to service this vulnerability, and...

8.8CVSS0.02071EPSS
Exploits3References3
Rows per page
Query Builder