CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Craftycontrol: >> Crafty Controller >> 4.0.10 Security Vulnerabilities

CVE-2026-5652

An insecure direct object reference vulnerability in the Users API component of Crafty Controller allows a remote, authenticated attacker to perform user modification actions via improper API permissions validation.

CVSS Score

9.0

EPSS Score

0.002

Published

2026-04-21

CVE-2025-14701

An input neutralization vulnerability in the Server MOTD component of Crafty Controller allows a remote, unauthenticated attacker to perform stored XSS via server MOTD modification.

CVSS Score

7.1

EPSS Score

0.0

Published

2025-12-17

CVE-2024-1064

A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service (DoS) condition via a modified host header

CVSS Score

7.5

EPSS Score

0.005

Published

2024-02-03

Page 1

Vulnerabilities

Vulnerable Software

Craftycontrol: >> Crafty Controller >> 4.0.10 Security Vulnerabilities

Products

Pricing

Contact Us