VYPR
Vendor

Crafty Controller

Products
2
CVEs
7
Across products
11
Status
Private

Products

2

Recent CVEs

7
  • CVE-2026-5652CriApr 21, 2026
    risk 0.59cvss 9.0epss 0.00

    An insecure direct object reference vulnerability in the Users API component of Crafty Controller allows a remote, authenticated attacker to perform user modification actions via improper API permissions validation.

  • CVE-2024-1064HigFeb 3, 2024
    risk 0.49cvss 7.5epss 0.01

    A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service (DoS) condition via a modified host header

  • CVE-2026-0805Jan 30, 2026
    risk 0.00cvss epss 0.01

    An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal.

  • CVE-2026-0963Jan 30, 2026
    risk 0.00cvss epss 0.01

    An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal.

  • CVE-2025-14700Dec 17, 2025
    risk 0.00cvss epss 0.06

    An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attacker to perform remote code execution via Server Side Template Injection.

  • CVE-2025-14701Dec 17, 2025
    risk 0.00cvss epss 0.00

    An input neutralization vulnerability in the Server MOTD component of Crafty Controller allows a remote, unauthenticated attacker to perform stored XSS via server MOTD modification.

  • CVE-2025-5990Jun 15, 2025
    risk 0.00cvss epss 0.00

    An input neutralization vulnerability in the Server Name form and API Key form components of Crafty Controller allows a remote, authenticated attacker to perform stored XSS via malicious form input.