
IceWhaleTech — Vulnerabilities & Security Advisories (19)

Browse all 19 CVE security advisories affecting IceWhaleTech. AI-powered Chinese analysis, POCs, and references for each vulnerability.

IceWhaleTech develops enterprise collaboration software with a core focus on secure team communication and document management. Historically, their products have been vulnerable to multiple remote code execution flaws, cross-site scripting attacks, and privilege escalation vulnerabilities, accounting for the majority of their 19 recorded CVEs. The company has faced scrutiny for inconsistent patch release timelines and insufficient input validation in web interfaces. While no major public security breaches have been documented, their vulnerability history suggests a pattern of security gaps in authentication mechanisms and API endpoints that have allowed unauthorized access and system compromise in multiple instances.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-28798 | Arbitrary internal service access via /v1/sys/proxy when Cloudflare Tunnel is enabled on ZimaOS | ZimaOS | CWE-918 | 9.1 | Critical | 2026-04-03 |
| CVE-2026-28442 | ZimaOS: Arbitrary Deletion of Internal System Files via API Path Manipulation | ZimaOS | CWE-73 | 8.6 | High | 2026-03-05 |
| CVE-2025-64427 | ZimaOS is vulnerable to Server-Side Request Forgery (SSRF) | ZimaOS | CWE-918 | 7.1 | High | 2026-03-02 |
| CVE-2026-28286 | ZimaOS: Unauthorized Creation of Files/Folders in Restricted System Directories via API | ZimaOS | CWE-73 | 8.6 | High | 2026-03-02 |
| CVE-2026-21891 | ZimaOS has Authentication Bypass via System-Level Username | ZimaOS | CWE-287 | 9.4 | Critical | 2026-01-08 |
| CVE-2025-58432 | ZimaOS Privilege Escalation using localhost calls to File API Upload | ZimaOS | CWE-250 | 7.8 (AI) | High (AI) | 2025-09-17 |
| CVE-2025-58431 | ZimaOS reads arbitrary files using localhost calls to File API Download | ZimaOS | CWE-250 | 6.5 (AI) | Medium (AI) | 2025-09-17 |
| CVE-2024-49359 | ZimaOS vulnerable to Directory Listing via Parameter Manipulation | ZimaOS | CWE-552 | 7.5 | High | 2024-10-24 |
| CVE-2024-49358 | ZimaOS vulnerable to Username Enumeration via API Responses | ZimaOS | CWE-203 | 5.3 | Medium | 2024-10-24 |
| CVE-2024-49357 | ZimaOS (Installed Applications and System Information) has Unauthorized Sensitive Data Leak | ZimaOS | CWE-200 | 7.5 | High | 2024-10-24 |
| CVE-2024-48932 | ZimaOS Unauthenticated API Discloses Usernames | ZimaOS | CWE-284 | 5.3 | Medium | 2024-10-24 |
| CVE-2024-48931 | ZimaOS Arbitrary File Read via Parameter Manipulation | ZimaOS | CWE-22 | 7.5 | High | 2024-10-24 |
| CVE-2024-28232 | Username Enumeration in CasaOS via bypass of CVE-2024-24766 | CasaOS-UserService | CWE-204 | 6.2 | Medium | 2024-04-01 |
| CVE-2024-24766 | CasaOS Username Enumeration | CasaOS-UserService | CWE-204 | 6.2 | Medium | 2024-03-06 |
| CVE-2024-24767 | CasaOS Improper Restriction of Excessive Authentication Attempts vulnerability | CasaOS-UserService | CWE-307 | 9.1 | Critical | 2024-03-06 |
| CVE-2024-24765 | CasaOS-UserService allows unauthorized access to any file | CasaOS-UserService | CWE-200 | 7.5 | High | 2024-03-06 |
| CVE-2023-37469 | CasaOS Command Injection vulnerability | CasaOS | CWE-77 | 8.8 | High | 2023-08-24 |
| CVE-2023-37265 | Incorrect identification of source IP addresses in CasaOS | CasaOS-Gateway | CWE-306 | 9.8 | Critical | 2023-07-17 |
| CVE-2023-37266 | Weak json web token (JWT) secrets in CasaOS | CasaOS | CWE-287 | 9.8 | Critical | 2023-07-17 |

This page lists every published CVE security advisory associated with IceWhaleTech. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.