VYPR

Crafty Controller

by Crafty Controller

CVEs (6)

  • CVE-2026-5652CriApr 21, 2026
    risk 0.59cvss 9.0epss 0.00

    An insecure direct object reference vulnerability in the Users API component of Crafty Controller allows a remote, authenticated attacker to perform user modification actions via improper API permissions validation.

  • CVE-2026-0805Jan 30, 2026
    risk 0.00cvss epss 0.01

    An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal.

  • CVE-2026-0963Jan 30, 2026
    risk 0.00cvss epss 0.01

    An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal.

  • CVE-2025-14700Dec 17, 2025
    risk 0.00cvss epss 0.06

    An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attacker to perform remote code execution via Server Side Template Injection.

  • CVE-2025-14701Dec 17, 2025
    risk 0.00cvss epss 0.00

    An input neutralization vulnerability in the Server MOTD component of Crafty Controller allows a remote, unauthenticated attacker to perform stored XSS via server MOTD modification.

  • CVE-2025-5990Jun 15, 2025
    risk 0.00cvss epss 0.00

    An input neutralization vulnerability in the Server Name form and API Key form components of Crafty Controller allows a remote, authenticated attacker to perform stored XSS via malicious form input.