VYPR
Vendor: Ilevia Srl.

Products: 2
CVEs: 17
Across products: 19
Status: Private

Recent CVEs (17)

  • CVE-2025-34186 | Critical | Sep 16, 2025
    risk 0.64 | cvss 9.8 | epss 0.01

    Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a vulnerability in its authentication mechanism. Unsanitized input is passed to a system() call for authentication, allowing attackers to inject special characters and manipulate command parsing. Because the binary…

  • CVE-2025-34512 | Medium | Oct 16, 2025
    risk 0.40 | cvss 6.1 | epss 0.00

    Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a reflected cross-site scripting (XSS) vulnerability in index.php that allows an unauthenticated attacker to execute arbitrary script in the victim's browser. Ilevia has declined to service this vulnerability,…

  • CVE-2025-14276 | Medium | Dec 8, 2025
    risk 0.36 | cvss 5.6 | epss 0.01

    A vulnerability was determined in Ilevia EVE X1 Server up to 4.6.5.0.eden. Impacted is an unknown function of the file /ajax/php/leaf_search.php. This manipulation of the argument line causes command injection. The attack can be initiated remotely. A high degree of complexity is…

  • CVE-2025-34513 | Oct 16, 2025
    risk 0.01 | cvss n/a | epss 0.08

    Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an OS command injection vulnerability in mbus_build_from_csv.php that allows an unauthenticated attacker to execute arbitrary code. Ilevia has declined to service this vulnerability, and recommends that…

  • CVE-2025-60739 | Nov 25, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Cross Site Request Forgery (CSRF) vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 2025_07_21, allows a remote attacker to execute arbitrary code via the /bh_web_backend component.

  • CVE-2025-60738 | Nov 20, 2025
    risk 0.00 | cvss n/a | epss 0.01

    An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 2025_07_21 and before, allows a remote attacker to execute arbitrary code via the ping.php component, which does not perform secure filtering on IP parameters.

  • CVE-2025-60737 | Nov 20, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Cross Site Scripting vulnerability in Ilevia EVE X1 Server Firmware Version <= 4.7.18.0.eden, Logic Version <= 6.00 - 2025_07_21, allows a remote attacker to execute arbitrary code via the /index.php component.

  • CVE-2025-34517 | Oct 16, 2025
    risk 0.00 | cvss n/a | epss 0.01

    Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an absolute path traversal vulnerability in get_file_content.php that allows an attacker to read arbitrary files. Ilevia has declined to service this vulnerability, and recommends that customers not expose…

  • CVE-2025-34514 | Oct 16, 2025
    risk 0.00 | cvss n/a | epss 0.02

    Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain authenticated OS command injection vulnerabilities in multiple web-accessible PHP scripts that call exec() and allow an authenticated attacker to execute arbitrary commands. Ilevia has declined to service this…

  • CVE-2025-34519 | Oct 16, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an insecure hashing algorithm vulnerability. The product stores passwords using the MD5 hash function without applying a per‑password salt. Because MD5 is a fast, unsalted hash, an attacker who obtains the…

  • CVE-2025-34518 | Oct 16, 2025
    risk 0.00 | cvss n/a | epss 0.01

    Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a relative path traversal vulnerability in get_file_content.php that allows an attacker to read arbitrary files. Ilevia has declined to service this vulnerability, and recommends that customers not expose port…

  • CVE-2025-34515 | Oct 16, 2025
    risk 0.00 | cvss n/a | epss 0.07

    Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an execution with unnecessary privileges vulnerability in sync_project.sh that allows an attacker to escalate privileges to root. Ilevia has declined to service this vulnerability, and recommends that customers…

  • CVE-2025-34516 | Oct 16, 2025
    risk 0.00 | cvss n/a | epss 0.01

    Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a use of default credentials vulnerability that allows an unauthenticated attacker to obtain remote access. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to…

  • CVE-2025-34187 | Sep 16, 2025
    risk 0.00 | cvss n/a | epss 0.03

    Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-facing users or accessible via command injection, attackers can replace them with…

  • CVE-2025-34185 | Sep 16, 2025
    risk 0.00 | cvss n/a | epss 0.01

    Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains a pre-authentication file disclosure vulnerability via the 'db_log' POST parameter. Remote attackers can retrieve arbitrary files from the server, exposing sensitive system information and credentials.

  • CVE-2025-34184 | Sep 16, 2025
    risk 0.00 | cvss n/a | epss 0.03

    Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Remote attackers can execute arbitrary system commands by injecting payloads into the 'passwd' HTTP POST parameter, leading to full…

  • CVE-2025-34183 | Sep 16, 2025
    risk 0.00 | cvss n/a | epss 0.01

    Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains a vulnerability in its server-side logging mechanism that allows unauthenticated remote attackers to retrieve plaintext credentials from exposed .log files. This flaw enables full authentication bypass and system compromise…