An open API service indexing awesome lists of open source software.

https://github.com/0xvpr/vpr-labs

Independent Software Research & Findings
https://github.com/0xvpr/vpr-labs

open-source security-research testing web-application

Last synced: about 1 year ago
JSON representation

Independent Software Research & Findings

Awesome Lists containing this project

README

          

VPR Labs






A repository dedicated to Independent security research of various hardware, software, platforms, and technologies.



All issues discovered by VPR Labs are subject to a 90-days disclosure deadline. After the deadline has passed, a report on a finding(s) is closed by the vendor without resolution, or a patch has been made available (whichever is earlier), the bug report will become visible to the public. As an exception, the timeline can be extended at the vendor’s request.

This work is licensed under the Createive Commons by ShareAlike - Attribution-ShareAlike 4.0 International License. To view a copy of this license, visit https://creativecommons.org/licenses/by-sa/4.0/.

## Vendors
#### [IceWhale Tech](./01-IceWhale)
| Discovered | Reported | Vendor | Version | Finding | Script/PoC | CVSS v4 Score | CVSS v4 Metrics |
|:----------:|:----------:|:------:|:---------:|:----------------------:|:------------------------------:|:-------------:|:---------------------------------------------------------------:|
| 2025-04-17 | 2025-05-01 | CasaOS | <= 0.4.15 | Information Disclosure | [VPR-2025-001](./01-IceWhale/VPR-2025-001) | 6.9/10 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N |
| 2025-04-18 | 2025-05-01 | CasaOS | <= 0.4.15 | File Disclosure | [VPR-2025-002](./01-IceWhale/VPR-2025-002) | 6.9/10 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N |
| 2025-04-18 | 2025-05-01 | ZimaOS | <= v1.4.1 | File Disclosure | [VPR-2025-002](./01-IceWhale/VPR-2025-002) | 6.9/10 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N |
| 2025-04-18 | 2025-05-01 | CasaOS | <= 0.4.15 | Username Disclosure | [VPR-2025-003](./01-IceWhale/VPR-2025-003) | 6.9/10 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N |
| 2025-04-18 | 2025-05-01 | CasaOS | <= 0.4.15 | Privilege Escalation | [VPR-2025-004](./01-IceWhale/VPR-2025-004) | 9.3/10 | CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |
| 2025-04-21 | 2025-05-01 | CasaOS | <= 0.4.15 | Arbitrary File Read | [VPR-2025-005](./01-IceWhale/VPR-2025-005) | 9.3/10 | CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |
| 2025-06-15 | 2025-06-15 | ZimaOS | <= v1.4.1 | Privilege Escalation | [VPR-2025-006](./01-IceWhale/VPR-2025-006) | 9.3/10 | CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |
| 2025-06-15 | 2025-06-15 | ZimaOS | <= v1.4.1 | Arbitrary File Read | [VPR-2025-007](./01-IceWhale/VPR-2025-007) | 9.3/10 | CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |