IceWhaleTech — Vulnerabilities & Security Advisories 19

Browse all 19 CVE security advisories affecting IceWhaleTech. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by IceWhaleTech:ZimaOS CasaOS-UserService CasaOS CasaOS-Gateway

CVE ID	Title	CVSS	Severity	Published
CVE-2026-28798	Arbitrary internal service access via /v1/sys/proxy when Cloudflare Tunnel is enabled on ZimaOS — ZimaOSCWE-918	9.1	Critical	2026-04-03
CVE-2026-28442	ZimaOS: Arbitrary Deletion of Internal System Files via API Path Manipulation — ZimaOSCWE-73	8.6	High	2026-03-05
CVE-2025-64427	ZimaOS is vulnerable to Server-Side Request Forgery (SSRF) — ZimaOSCWE-918	7.1	High	2026-03-02
CVE-2026-28286	ZimaOS: Unauthorized Creation of Files/Folders in Restricted System Directories via API — ZimaOSCWE-73	8.6	High	2026-03-02
CVE-2026-21891	ZimaOS has Authentication Bypass via System-Level Username — ZimaOSCWE-287	9.4	Critical	2026-01-08
CVE-2025-58432	ZimaOS Privilege Escalation using localhost calls to File API Upload — ZimaOSCWE-250	7.8^AI	High^AI	2025-09-17
CVE-2025-58431	ZimaOS reads arbitrary files using localhost calls to File API Download — ZimaOSCWE-250	6.5^AI	Medium^AI	2025-09-17
CVE-2024-49359	ZimaOS vulnerable to Directory Listing via Parameter Manipulation — ZimaOSCWE-552	7.5	High	2024-10-24
CVE-2024-49358	ZimaOS vulnerable to Username Enumeration via API Responses — ZimaOSCWE-203	5.3	Medium	2024-10-24
CVE-2024-49357	ZimaOS (Installed Applications and System Information) has Unauthorized Sensitive Data Leak — ZimaOSCWE-200	7.5	High	2024-10-24
CVE-2024-48932	ZimaOS Unauthenticated API Discloses Usernames — ZimaOSCWE-284	5.3	Medium	2024-10-24
CVE-2024-48931	ZimaOS Arbitrary File Read via Parameter Manipulation — ZimaOSCWE-22	7.5	High	2024-10-24
CVE-2024-28232	Username Enumeration in CasaOS via bypass of CVE-2024-24766 — CasaOS-UserServiceCWE-204	6.2	Medium	2024-04-01
CVE-2024-24766	CasaOS Username Enumeration — CasaOS-UserServiceCWE-204	6.2	Medium	2024-03-06
CVE-2024-24767	CasaOS Improper Restriction of Excessive Authentication Attempts vulnerability — CasaOS-UserServiceCWE-307	9.1	Critical	2024-03-06
CVE-2024-24765	CasaOS-UserService allows unauthorized access to any file — CasaOS-UserServiceCWE-200	7.5	High	2024-03-06
CVE-2023-37469	CasaOS Command Injection vulnerability — CasaOSCWE-77	8.8	High	2023-08-24
CVE-2023-37265	Incorrect identification of source IP addresses in CasaOS — CasaOS-GatewayCWE-306	9.8	Critical	2023-07-17
CVE-2023-37266	Weak json web token (JWT) secrets in CasaOS — CasaOSCWE-287	9.8	Critical	2023-07-17

This page lists every published CVE security advisory associated with IceWhaleTech. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

IceWhaleTech — Vulnerabilities & Security Advisories 19