Vulnerabilidades en IceWhaleTech
19 resultadosCVE-2024-49357HIGHZimaOS (Installed Applications and System Information) has Unauthorized Sensitive Data LeakEPSS 20.6%CVE-2023-37265CRITICALIncorrect identification of source IP addresses in CasaOSEPSS 6.4%CVE-2023-37266CRITICALWeak json web token (JWT) secrets in CasaOSEPSS 5.9%CVE-2026-21891CRITICALZimaOS has Authentication Bypass via System-Level UsernameEPSS 2.2%CVE-2023-37469HIGHCasaOS Command Injection vulnerabilityEPSS 1.3%CVE-2024-24767CRITICALCasaOS Improper Restriction of Excessive Authentication Attempts vulnerabilityEPSS 1.0%CVE-2024-24765HIGHCasaOS-UserService allows unauthorized access to any fileEPSS 1.0%CVE-2024-49359HIGHZimaOS vulnerable to Directory Listing via Parameter ManipulationEPSS 1.0%CVE-2024-24766MEDIUMCasaOS Username EnumerationEPSS 0.8%CVE-2024-48931HIGHZimaOS Arbitrary File Read via Parameter ManipulationEPSS 0.7%CVE-2024-28232MEDIUMUsername Enumeration in CasaOS via bypass of CVE-2024-24766EPSS 0.6%CVE-2024-48932MEDIUMZimaOS Unauthenticated API Discloses UsernamesEPSS 0.5%CVE-2024-49358MEDIUMZimaOS vulnerable to Username Enumeration via API ResponsesEPSS 0.5%CVE-2026-28286HIGHZimaOS: Unauthorized Creation of Files/Folders in Restricted System Directories via APIEPSS 0.4%CVE-2026-28798CRITICALArbitrary internal service access via /v1/sys/proxy when Cloudflare Tunnel is enabled on ZimaOSEPSS 0.4%CVE-2026-28442HIGHZimaOS: Arbitrary Deletion of Internal System Files via API Path ManipulationEPSS 0.3%CVE-2025-64427HIGHZimaOS is vulnerable to Server-Side Request Forgery (SSRF)EPSS 0.2%CVE-2025-58431MEDIUMZimaOS reads arbitrary files using localhost calls to File API DownloadEPSS 0.2%CVE-2025-58432MEDIUMZimaOS Privilege Escalation using localhost calls to File API UploadEPSS 0.2%