Zimaspace

Zimaos

10 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 0.05%
  • Published 03.04.2026 20:00:48
  • Last modified 13.04.2026 18:27:54

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. Prior to version 1.5.3, a proxy endpoint (/v1/sys/proxy) exposed by ZimaOS's web interface can be abused (via an externally reachable domain using a Cloudf...

Exploit
  • EPSS 0.06%
  • Published 05.03.2026 20:38:37
  • Last modified 12.03.2026 13:07:49

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, users are restricted from deleting internal system files or folders through the application interface. However, when interacting di...

Exploit
  • EPSS 0.04%
  • Published 02.03.2026 16:28:42
  • Last modified 05.03.2026 15:18:14

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.0 and prior, due to insufficient validation or restriction of target URLs, an authenticated local user can craft requests that target intern...

Exploit
  • EPSS 0.08%
  • Published 02.03.2026 16:28:39
  • Last modified 05.03.2026 15:16:02

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, the application enforces restrictions in the frontend/UI to prevent users from creating files or folders in internal OS paths. Howe...

Exploit
  • EPSS 14.13%
  • Published 08.01.2026 14:00:14
  • Last modified 12.01.2026 17:13:00

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In versions up to and including 1.5.0, the application checks the validity of the username but appears to skip, misinterpret, or incorrectly validate the p...

Exploit
  • EPSS 0.04%
  • Published 17.09.2025 17:31:20
  • Last modified 22.09.2025 14:24:42

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and all prior versions, the /v2_1/files/file/uploadV2 endpoint allows file upload from ANY USER who has access to localhost. File uploads ...

Exploit
  • EPSS 0.02%
  • Published 17.09.2025 17:25:08
  • Last modified 22.09.2025 14:21:36

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and earlier, the /v2_1/files/file/download endpoint allows file read from ANY USER who has access to localhost. File reads are performed A...

Exploit
  • EPSS 0.34%
  • Published 24.10.2024 22:15:04
  • Last modified 22.09.2025 14:21:56

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoint `http://<Server-IP>/v1/users/login` in ZimaOS returns distinct responses based on whether a usern...

Exploit
  • EPSS 0.83%
  • Published 24.10.2024 22:15:04
  • Last modified 22.09.2025 14:21:53

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoint `http://<Zima_Server_IP:PORT>/v2_1/file` in ZimaOS is vulnerable to a directory traversal attack,...

Exploit
  • EPSS 75.83%
  • Published 24.10.2024 22:15:03
  • Last modified 22.09.2025 14:21:51

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoints in ZimaOS, such as `http://<Server-IP>/v1/users/image?path=/var/lib/casaos/1/app_order.json` and...