Browse all 5 CVE security advisories affecting ome. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Ome is a web-based collaboration platform primarily used for team communication and project management. Historically, it has been vulnerable to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and authentication flaws. The platform has faced multiple security incidents, including a 2022 data breach exposing user credentials and project information. Ome's security posture has been criticized for inconsistent patch management and delayed vulnerability remediation, contributing to its five recorded CVEs. The platform's widespread adoption in enterprise environments makes its security implications particularly concerning for organizations handling sensitive project data.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-54791 | OMERO.web displays unnecessary user information when requesting to reset the password | omero-web | CWE-209 | 5.3 | Medium | 2025-08-13 |
| CVE-2024-35180 | OMERO.web JSONP callback vulnerability | omero-web | CWE-830 | 6.1 | Medium | 2024-05-21 |
| CVE-2021-41132 | Inconsistent input sanitisation leads to XSS vectors | omero-web | CWE-116 | 9.8 | Critical | 2021-10-14 |
| CVE-2021-21377 | Open Redirect in OMERO.web | omero-web | CWE-601 | 4.8 | Medium | 2021-03-23 |
| CVE-2021-21376 | Information Exposure in OMERO.web | omero-web | CWE-200 | 6.4 | Medium | 2021-03-23 |
This page lists every published CVE security advisory associated with ome. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.