
110 matches found

OSV
added 2026/03/05 8:38 p.m., 5 views

CVE-2026-28442 ZimaOS: Arbitrary Deletion of Internal System Files via API Path Manipulation

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, users are restricted from deleting internal system files or folders through the application interface. However, when interacting directly with the API, these restrictions can be...

CVSS 8.5 | AI score 5.8 | EPSS 0.00304
Exploits: 1 | References: 3

CNNVD
added 2026/03/05 12:0 a.m., 6 views

ZimaOS Security Vulnerability

ZimaOS is an open-source operating system project by IceWhaleTech, aimed at providing a lightweight, high-performance, and secure operating system environment. Version ZimaOS 1.5.2-beta3 contains a security vulnerability, which stems from insufficient validation of API path parameters. This...

CVSS 8.5 | AI score 5.8 | EPSS 0.00304
Exploits: 1 | References: 1

Positive Technologies
added 2026/03/05 12:0 a.m., 7 views

PT-2026-23517

Name of the Vulnerable Software and Affected Versions: ZimaOS version 1.5.2-beta3. Description: ZimaOS, a fork of CasaOS, exhibits a security issue where restrictions on deleting internal system files and folders can be bypassed through manipulation of the API. Specifically, altering the path...

CVSS 8.5 | AI score 5.8 | EPSS 0.00304
Exploits: 1 | References: 6

RedhatCVE
added 2026/03/04 1:56 a.m., 5 views

CVE-2025-64427

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.0 and prior, due to insufficient validation or restriction of target URLs, an authenticated local user can craft requests that target internal IP addresses e.g., 127.0.0.1, localhost, or...

CVSS 7.1 | AI score 5.9 | EPSS 0.00238
Exploits: 1 | References: 1

RedhatCVE
added 2026/03/04 1:56 a.m., 6 views

CVE-2026-28286

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, the application enforces restrictions in the frontend/UI to prevent users from creating files or folders in internal OS paths. However, when interacting directly with the API, th...

CVSS 9.9 | AI score 6 | EPSS 0.0041
Exploits: 2 | References: 1

NVD
added 2026/03/02 5:16 p.m., 8 views

CVE-2025-64427

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.0 and prior, due to insufficient validation or restriction of target URLs, an authenticated local user can craft requests that target internal IP addresses e.g., 127.0.0.1, localhost, or...

CVSS 7.1 | EPSS 0.00238
Exploits: 1 | References: 1

ATTACKERKB
added 2026/03/02 4:28 p.m., 4 views

CVE-2025-64427

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.0 and prior, due to insufficient validation or restriction of target URLs, an authenticated local user can craft requests that target internal IP addresses e.g., 127.0.0.1, localhost, or...

CVSS 7.1 | AI score 5.9 | EPSS 0.00238
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/03/02 4:28 p.m., 3 views

CVE-2025-64427 ZimaOS is vulnerable to Server-Side Request Forgery (SSRF)

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.0 and prior, due to insufficient validation or restriction of target URLs, an authenticated local user can craft requests that target internal IP addresses e.g., 127.0.0.1, localhost, or...

CVSS 7.1 | AI score 5.9 | EPSS 0.00238
Exploits: 1 | References: 1

Cvelist
added 2026/03/02 4:28 p.m., 20 views

CVE-2025-64427 ZimaOS is vulnerable to Server-Side Request Forgery (SSRF)

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.0 and prior, due to insufficient validation or restriction of target URLs, an authenticated local user can craft requests that target internal IP addresses e.g., 127.0.0.1, localhost, or...

CVSS 7.1 | EPSS 0.00238
Exploits: 1 | References: 1

EUVD
added 2026/03/02 4:28 p.m., 5 views

EUVD-2025-208196

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.0 and prior, due to insufficient validation or restriction of target URLs, an authenticated local user can craft requests that target internal IP addresses e.g., 127.0.0.1, localhost, or...

CVSS 7.1 | AI score 5.9 | EPSS 0.00238
Exploits: 1 | References: 1

CVE
added 2026/03/02 4:28 p.m., 19 views

CVE-2025-64427

ZimaOS (a CasaOS fork for Zima devices and x86-64 with UEFI) is vulnerable to Server-Side Request Forgery (SSRF) in version 1.5.0 and earlier. An authenticated local user can craft requests to internal targets (127.0.0.1, localhost, private ranges) due to insufficient URL validation/restriction, ...

CVSS 7.1 | AI score 5.9 | EPSS 0.00238
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2026/03/02 4:28 p.m., 4 views

CVE-2025-64427 ZimaOS is vulnerable to Server-Side Request Forgery (SSRF)

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.0 and prior, due to insufficient validation or restriction of target URLs, an authenticated local user can craft requests that target internal IP addresses e.g., 127.0.0.1, localhost, or...

CVSS 7.1 | AI score 5.9 | EPSS 0.00238
Exploits: 1 | References: 3

Vulnrichment
added 2026/03/02 4:28 p.m., 3 views

CVE-2026-28286 ZimaOS: Unauthorized Creation of Files/Folders in Restricted System Directories via API

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, the application enforces restrictions in the frontend/UI to prevent users from creating files or folders in internal OS paths. However, when interacting directly with the API, th...

CVSS 8.5 | AI score 6 | EPSS 0.0041
Exploits: 2 | References: 1

Cvelist
added 2026/03/02 4:28 p.m., 18 views

CVE-2026-28286 ZimaOS: Unauthorized Creation of Files/Folders in Restricted System Directories via API

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, the application enforces restrictions in the frontend/UI to prevent users from creating files or folders in internal OS paths. However, when interacting directly with the API, th...

CVSS 8.5 | EPSS 0.0041
Exploits: 2 | References: 1

OSV
added 2026/03/02 4:28 p.m., 5 views

CVE-2026-28286 ZimaOS: Unauthorized Creation of Files/Folders in Restricted System Directories via API

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, the application enforces restrictions in the frontend/UI to prevent users from creating files or folders in internal OS paths. However, when interacting directly with the API, th...

CVSS 8.5 | AI score 6 | EPSS 0.0041
Exploits: 2 | References: 3

EUVD
added 2026/03/02 4:28 p.m., 5 views

EUVD-2026-9206

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, the application enforces restrictions in the frontend/UI to prevent users from creating files or folders in internal OS paths. However, when interacting directly with the API, th...

CVSS 8.5 | AI score 6 | EPSS 0.0041
Exploits: 2 | References: 1

ATTACKERKB
added 2026/03/02 4:28 p.m., 6 views

CVE-2026-28286

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, the application enforces restrictions in the frontend/UI to prevent users from creating files or folders in internal OS paths. However, when interacting directly with the API, th...

CVSS 9.9 | AI score 6 | EPSS 0.0041
Exploits: 2 | References: 2

CVE
added 2026/03/02 4:28 p.m., 16 views

CVE-2026-28286

ZimaOS 1.5.2-beta3 is affected: the UI blocks file/folder creation in internal paths, but the API bypasses this validation, allowing arbitrary file/directory creation in sensitive dirs (e.g., /etc, /usr) via crafted requests. Root cause is improper API path validation, enabling path traversal-lik...

CVSS 9.9 | AI score 6 | EPSS 0.0041
Exploits: 2 | References: 1 | Affected Software: 1

CNNVD
added 2026/03/02 12:0 a.m., 6 views

ZimaOS Security Vulnerability

ZimaOS is an open-source operating system project by IceWhaleTech, aimed at providing a lightweight, high-performance, and secure operating system environment. Version ZimaOS 1.5.2-beta3 contains a security vulnerability, which stems from the API not properly verifying target paths. This could le...

CVSS 9.9 | AI score 5.8 | EPSS 0.0041
Exploits: 2 | References: 1

Positive Technologies
added 2026/03/02 12:0 a.m., 7 views

PT-2026-22628

Name of the Vulnerable Software and Affected Versions: ZimaOS version 1.5.2-beta3. Description: ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, the application restricts file and folder creation in internal OS paths through the...

CVSS 9.9 | AI score 5.9 | EPSS 0.0041
Exploits: 2 | References: 14