https://github.com/0xvpr/vpr-labs
Independent Software Research & Findings
https://github.com/0xvpr/vpr-labs
open-source security-research testing web-application
Last synced: about 1 year ago
JSON representation
Independent Software Research & Findings
- Host: GitHub
- URL: https://github.com/0xvpr/vpr-labs
- Owner: 0xvpr
- License: other
- Created: 2025-06-25T02:00:41.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2025-06-25T03:33:10.000Z (about 1 year ago)
- Last Synced: 2025-06-25T03:38:19.678Z (about 1 year ago)
- Topics: open-source, security-research, testing, web-application
- Language: Python
- Homepage: https://0xvpr.io/research
- Size: 3.91 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
VPR Labs
A repository dedicated to Independent security research of various hardware, software, platforms, and technologies.
All issues discovered by VPR Labs are subject to a 90-days disclosure deadline. After the deadline has passed, a report on a finding(s) is closed by the vendor without resolution, or a patch has been made available (whichever is earlier), the bug report will become visible to the public. As an exception, the timeline can be extended at the vendor’s request.
This work is licensed under the Createive Commons by ShareAlike - Attribution-ShareAlike 4.0 International License. To view a copy of this license, visit https://creativecommons.org/licenses/by-sa/4.0/.
## Vendors
#### [IceWhale Tech](./01-IceWhale)
| Discovered | Reported | Vendor | Version | Finding | Script/PoC | CVSS v4 Score | CVSS v4 Metrics |
|:----------:|:----------:|:------:|:---------:|:----------------------:|:------------------------------:|:-------------:|:---------------------------------------------------------------:|
| 2025-04-17 | 2025-05-01 | CasaOS | <= 0.4.15 | Information Disclosure | [VPR-2025-001](./01-IceWhale/VPR-2025-001) | 6.9/10 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N |
| 2025-04-18 | 2025-05-01 | CasaOS | <= 0.4.15 | File Disclosure | [VPR-2025-002](./01-IceWhale/VPR-2025-002) | 6.9/10 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N |
| 2025-04-18 | 2025-05-01 | ZimaOS | <= v1.4.1 | File Disclosure | [VPR-2025-002](./01-IceWhale/VPR-2025-002) | 6.9/10 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N |
| 2025-04-18 | 2025-05-01 | CasaOS | <= 0.4.15 | Username Disclosure | [VPR-2025-003](./01-IceWhale/VPR-2025-003) | 6.9/10 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N |
| 2025-04-18 | 2025-05-01 | CasaOS | <= 0.4.15 | Privilege Escalation | [VPR-2025-004](./01-IceWhale/VPR-2025-004) | 9.3/10 | CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |
| 2025-04-21 | 2025-05-01 | CasaOS | <= 0.4.15 | Arbitrary File Read | [VPR-2025-005](./01-IceWhale/VPR-2025-005) | 9.3/10 | CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |
| 2025-06-15 | 2025-06-15 | ZimaOS | <= v1.4.1 | Privilege Escalation | [VPR-2025-006](./01-IceWhale/VPR-2025-006) | 9.3/10 | CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |
| 2025-06-15 | 2025-06-15 | ZimaOS | <= v1.4.1 | Arbitrary File Read | [VPR-2025-007](./01-IceWhale/VPR-2025-007) | 9.3/10 | CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |