Every CVE whose affected-product data names Casbin Casdoor, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2022-38638 — CVSS 9.1 (critical): Casdoor v1.97.3 was discovered to contain an arbitrary file write vulnerability via the fullFilePath parameter at /api/upload-resource.
CVE-2024-41657 — CVSS 8.1 (high): Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. In Casdoor 1.577.0 and earlier, a logic…
CVE-2022-44942 — CVSS 8.1 (high): Casdoor before v1.126.1 was discovered to contain an arbitrary file deletion vulnerability via the uploadFile function.
CVE-2022-24124 — CVSS 7.5 (high): The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by…
CVE-2024-41264 — CVSS 7.5 (high): An issue discovered in casdoor v1.636.0 allows attackers to obtain sensitive information via the ssh.InsecureIgnoreHostKey() method.
CVE-2023-34927 — CVSS 6.5 (medium): Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password. This…
CVE-2024-41658 — CVSS 6.1 (medium): Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. In Casdoor 1.577.0 and earlier, he purchase URL…
CVE-2026-6815 — CVSS 5.9 (medium): An arbitrary file write vulnerability exists in Casdoor's Local File System storage provider. Due to insufficient path sanitization, an…
CVE-2026-5469 — CVSS 4.7 (medium): A weakness has been identified in Casdoor 2.356.0. This vulnerability affects unknown code of the component Webhook URL Handler. Executing…
CVE-2026-5467 — CVSS 4.3 (medium): A vulnerability was identified in Casdoor 2.356.0. Affected by this issue is some unknown functionality of the component OAuth…
CVE-2026-5468 — CVSS 3.5 (low): A security flaw has been discovered in Casdoor 2.356.0. This affects the function dangerouslySetInnerHTML. Performing a manipulation of the…