Lucene search
+L

146 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-29749

Malicious code in bioql PyPI...

7.8CVSS6.6AI score0.00164EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-29750

Malicious code in bioql PyPI...

6.2CVSS6.6AI score0.00191EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-0897

Malicious code in bioql PyPI...

9.8CVSS9.1AI score0.00977EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.14 views

EUVD-2024-0898

Malicious code in bioql PyPI...

7.5CVSS6.3AI score0.00758EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/09/19 5:33 p.m.6 views

CVE-2025-58432

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and all prior versions, the /v21/files/file/uploadV2 endpoint allows file upload from ANY USER who has access to localhost. File uploads are performed AS ROOT...

7.8CVSS7AI score0.00164EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/09/19 5:33 p.m.6 views

CVE-2025-58431

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and earlier, the /v21/files/file/download endpoint allows file read from ANY USER who has access to localhost. File reads are performed AS ROOT...

6.2CVSS6.8AI score0.00191EPSS
Exploits1References1
CVE
CVE
added 2025/09/17 5:31 p.m.21 views

CVE-2025-58432

ZimaOS (a CasaOS fork for Zima devices and x86-64 with UEFI) contains a local privilege-escalation flaw in the /v2_1/files/file/uploadV2 API. In versions before and including 1.4.1, any user with localhost access can upload files via this endpoint and have them executed with root privileges, enab...

7.8CVSS6.6AI score0.00164EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/09/17 5:31 p.m.5 views

CVE-2025-58432 ZimaOS Privilege Escalation using localhost calls to File API Upload

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and all prior versions, the /v21/files/file/uploadV2 endpoint allows file upload from ANY USER who has access to localhost. File uploads are performed AS ROOT...

6.7CVSS6.6AI score0.00164EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:6 a.m.7 views

CVE-2024-28232

Go package IceWhaleTech/CasaOS-UserService provides user management functionalities to CasaOS. The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in version 0.4.7. This issue in CVE-2024-28232 has been patched in version 0.4.8 but that...

7.5CVSS6.7AI score0.00618EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:29 a.m.6 views

CVE-2024-24766

CasaOS-UserService provides user management functionalities to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, the Casa OS Login page disclosed the username enumeration vulnerability in the login page. An attacker can enumerate the CasaOS username using the application response. I...

7.5CVSS6.3AI score0.00758EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:3 a.m.7 views

CVE-2023-37266

CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and execute arbitrary commands as root on CasaOS instances. This problem was addressed by improving the validation of JWTs in commit 705bf1f...

9.8CVSS7.9AI score0.06789EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 2:13 a.m.13 views

CVE-2023-37265

CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification an unauthenticated attackers can execute arbitrary commands as root on CasaOS instances. The problem was addressed by improving the detection of client IP addresses in 391dd7f. This patch is part of CasaOS...

9.8CVSS7.7AI score0.07356EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:31 p.m.10 views

CVE-2022-24193

CasaOS before v0.2.7 was discovered to contain a command injection vulnerability...

9.8CVSS7.8AI score0.05967EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 2:19 a.m.11 views

CVE-2024-24767

CasaOS-UserService provides user management functionalities to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, CasaOS doesn't defend against password brute force attacks, which leads to having full access to the server. The web application lacks control over the login attempts. Th...

9.8CVSS6.9AI score0.00977EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 2:16 a.m.7 views

CVE-2024-24765

CasaOS-UserService provides user management functionalities to CasaOS. Prior to version 0.4.7, path filtering of the URL for user avatar image files was not strict, making it possible to get any file on the system. This could allow an unauthorized actor to access, for example, the CasaOS user...

9.8CVSS6.9AI score0.00971EPSS
Exploits1References1
NVD
NVD
added 2024/10/24 10:15 p.m.29 views

CVE-2024-49358

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoint http:///v1/users/login in ZimaOS returns distinct responses based on whether a username exists or the password is incorrect. This behavior can b...

5.3CVSS0.00463EPSS
Exploits1References2
NVD
NVD
added 2024/10/24 10:15 p.m.31 views

CVE-2024-49357

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoints in ZimaOS, such as http:///v1/users/image?path=/var/lib/casaos/1/apporder.json and http:///v1/users/image?path=/var/lib/casaos/1/system.json,...

7.5CVSS0.20599EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/10/24 9:25 p.m.24 views

CVE-2024-49358 ZimaOS vulnerable to Username Enumeration via API Responses

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoint http:///v1/users/login in ZimaOS returns distinct responses based on whether a username exists or the password is incorrect. This behavior can b...

5.3CVSS0.00463EPSS
Exploits1References2
OSV
OSV
added 2024/10/24 9:25 p.m.16 views

CVE-2024-49358 ZimaOS vulnerable to Username Enumeration via API Responses

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoint http:///v1/users/login in ZimaOS returns distinct responses based on whether a username exists or the password is incorrect. This behavior can b...

5.3CVSS6.7AI score0.00463EPSS
Exploits1References4
OSV
OSV
added 2024/10/24 9:21 p.m.13 views

CVE-2024-49357 ZimaOS (Installed Applications and System Information) has Unauthorized Sensitive Data Leak

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoints in ZimaOS, such as http:///v1/users/image?path=/var/lib/casaos/1/apporder.json and http:///v1/users/image?path=/var/lib/casaos/1/system.json,...

7.5CVSS6.9AI score0.20599EPSS
Exploits1References4
Rows per page
Query Builder