📦 Casaos

CVE-2024-24767 is a critical authentication vulnerability in CasaOS-UserService that allows attackers to perform unlimited password brute force attacks against the login system. This can lead to compl...

CVE-2023-37266 allows unauthenticated attackers to bypass authentication in CasaOS by crafting arbitrary JWTs, gaining root access to execute arbitrary commands. This affects all CasaOS instances runn...

CVE-2022-24193 is a command injection vulnerability in CasaOS versions before 0.2.7 that allows attackers to execute arbitrary commands on the system. This affects all CasaOS installations running vul...

CVE-2024-24765 is a path traversal vulnerability in CasaOS-UserService that allows unauthorized file access due to insufficient URL filtering for avatar images. Attackers can read arbitrary files on t...

CVE-2023-37469 is a command injection vulnerability in CasaOS personal cloud software that allows authenticated users to execute arbitrary commands by connecting to a malicious SMB server. This affect...

CasaOS versions up to 0.4.15 expose unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and system debug information. Attackers can access application confi...