Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

IceWhaleTech — Vulnerabilities & Security Advisories 19

Browse all 19 CVE security advisories affecting IceWhaleTech. AI-powered Chinese analysis, POCs, and references for each vulnerability.

IceWhaleTech develops enterprise collaboration software with a core focus on secure team communication and document management. Historically, their products have been vulnerable to multiple remote code execution flaws, cross-site scripting attacks, and privilege escalation vulnerabilities, accounting for the majority of their 19 recorded CVEs. The company has faced scrutiny for inconsistent patch release timelines and insufficient input validation in web interfaces. While no major public security breaches have been documented, their vulnerability history suggests a pattern of security gaps in authentication mechanisms and API endpoints that have allowed unauthorized access and system compromise in multiple instances.

Found 12 results / 19Clear Filters
Top products by IceWhaleTech: ZimaOS CasaOS-UserService CasaOS CasaOS-Gateway
CVE IDTitleCVSSSeverityPublished
CVE-2026-28798 Arbitrary internal service access via /v1/sys/proxy when Cloudflare Tunnel is enabled on ZimaOS — ZimaOSCWE-918 9.1 Critical2026-04-03
CVE-2026-28442 ZimaOS: Arbitrary Deletion of Internal System Files via API Path Manipulation — ZimaOSCWE-73 8.6 High2026-03-05
CVE-2025-64427 ZimaOS is vulnerable to Server-Side Request Forgery (SSRF) — ZimaOSCWE-918 7.1 High2026-03-02
CVE-2026-28286 ZimaOS: Unauthorized Creation of Files/Folders in Restricted System Directories via API — ZimaOSCWE-73 8.6 High2026-03-02
CVE-2026-21891 ZimaOS has Authentication Bypass via System-Level Username — ZimaOSCWE-287 9.4 Critical2026-01-08
CVE-2025-58432 ZimaOS Privilege Escalation using localhost calls to File API Upload — ZimaOSCWE-250 7.8AIHighAI2025-09-17
CVE-2025-58431 ZimaOS reads arbitrary files using localhost calls to File API Download — ZimaOSCWE-250 6.5AIMediumAI2025-09-17
CVE-2024-49359 ZimaOS vulnerable to Directory Listing via Parameter Manipulation — ZimaOSCWE-552 7.5 High2024-10-24
CVE-2024-49358 ZimaOS vulnerable to Username Enumeration via API Responses — ZimaOSCWE-203 5.3 Medium2024-10-24
CVE-2024-49357 ZimaOS (Installed Applications and System Information) has Unauthorized Sensitive Data Leak — ZimaOSCWE-200 7.5 High2024-10-24
CVE-2024-48932 ZimaOS Unauthenticated API Discloses Usernames — ZimaOSCWE-284 5.3 Medium2024-10-24
CVE-2024-48931 ZimaOS Arbitrary File Read via Parameter Manipulation — ZimaOSCWE-22 7.5 High2024-10-24

This page lists every published CVE security advisory associated with IceWhaleTech. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.