VYPR

CasaOS

by CasaOS

CVEs (2)

  • CVE-2022-24193CriMar 10, 2022
    risk 0.57cvss 9.8epss 0.06

    CasaOS before v0.2.7 was discovered to contain a command injection vulnerability.

  • CVE-2025-34171Jan 3, 2026
    risk 0.00cvss epss 0.01

    CasaOS versions up to and including 0.4.15 expose multiple unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and system debug information. The /v1/users/image endpoint can be abused with a user-controlled path parameter to access…