Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (4 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-14701 2 Arcadia Technology, Craftycontrol 2 Crafty Controller, Crafty Controller 2025-12-23 7.1 High
An input neutralization vulnerability in the Server MOTD component of Crafty Controller allows a remote, unauthenticated attacker to perform stored XSS via server MOTD modification.
CVE-2025-14700 2 Arcadia Technology, Craftycontrol 2 Crafty Controller, Crafty Controller 2025-12-23 9.9 Critical
An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attacker to perform remote code execution via Server Side Template Injection.
CVE-2025-5990 1 Craftycontrol 1 Crafty Controller 2025-08-11 7.6 High
An input neutralization vulnerability in the Server Name form and API Key form components of Crafty Controller allows a remote, authenticated attacker to perform stored XSS via malicious form input.
CVE-2024-1064 1 Craftycontrol 1 Crafty Controller 2024-11-21 7.5 High
A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service (DoS) condition via a modified host header