Product
craftycontrol crafty controller
7 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-5652
CVE-2026-0963
CVE-2026-0805
CVE-2025-14701
CVE-2025-14700
CVE-2025-5990
CVE-2024-1064
< 4.10.4
An insecure direct object reference vulnerability in the Users API component of Crafty Controller allows a remote, authenticated a
all versions
An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenti
>= 4.5.0 and < 4.8.0
An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated at
< 4.6.2
An input neutralization vulnerability in the Server MOTD component of Crafty Controller allows a remote, unauthenticated attacker
all versions
An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attack
>= 4.3.0 and < 4.3.2
An input neutralization vulnerability in the Server Name form and API Key form components of Crafty Controller allows a remote, au
>= 4.0.0 and <= 4.2.2
A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker