Arcadia Technology Llc Crafty Controller vulnerabilities

7 known vulnerabilities affecting arcadia_technology_llc/crafty_controller.

Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 4, MEDIUM 1

Vulnerabilities

CVE-2025-14700 | P2 | CRITICAL | CVSS 9.9 | v4.6.1 | 2025-12-17
CWE-1336: An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attacker to perform remote code execution via Server Side Template Injection.
Source: nvd

CVE-2026-0963 | P2 | HIGH | CVSS 8.8 | ≥ 4.7.0, < 4.8.0 | 2026-01-30
CWE-22: An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal.
Source: nvd

CVE-2026-0805 | P2 | HIGH | CVSS 8.8 | ≥ 4.5.0, < 4.8.0 | 2026-01-30
CWE-22: An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal.
Source: nvd

CVE-2026-5652 | P3 | CRITICAL | CVSS 9.0 | ≤ 4.10.2 | 2026-04-21
CWE-639: An insecure direct object reference vulnerability in the Users API component of Crafty Controller allows a remote, authenticated attacker to perform user modification actions via improper API permissions validation.
Source: nvd

CVE-2024-1064 | P3 | HIGH | CVSS 7.5 | ≥ 4.0.0, ≤ 4.2.2 | 2024-02-03
CWE-644: A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service (DoS) condition via a modified host header.
Source: nvd

CVE-2025-14701 | P3 | HIGH | CVSS 7.1 | fixed in 4.6.2 | 2025-12-17
CWE-79: An input neutralization vulnerability in the Server MOTD component of Crafty Controller allows a remote, unauthenticated attacker to perform stored XSS via server MOTD modification.
Source: nvd

CVE-2025-5990 | P4 | MEDIUM | CVSS 5.4 | ≥ 4.2.2, ≤ 4.2.3; ≥ 4.3.0, ≤ 4.3.2; +1 more | 2025-06-15
CWE-79: An input neutralization vulnerability in the Server Name form and API Key form components of Crafty Controller allows a remote, authenticated attacker to perform stored XSS via malicious form input.
Source: nvd