Xiaoyunjie Openvpn-Cms-Flask vulnerabilities
2 known vulnerabilities affecting xiaoyunjie/openvpn-cms-flask.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2
Vulnerabilities
Page 1 of 1
CVE-2025-6775P2CRITICALCVSS 9.8fixed in 1.2.8v1.2.0+7 more2025-06-27
CVE-2025-6775 [CRITICAL] CWE-74 CVE-2025-6775: A vulnerability classified as critical has been found in xiaoyunjie openvpn-cms-flask up to 1.2.7. T
A vulnerability classified as critical has been found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This affects the function create_user of the file /app/api/v1/openvpn.py of the component User Creation Endpoint. The manipulation of the argument Username leads to command injection. It is possible to initiate the attack remotely. The exploit has been
nvd
CVE-2025-6776P2CRITICALCVSS 9.8fixed in 1.2.8v1.2.0+7 more2025-06-27
CVE-2025-6776 [CRITICAL] CWE-22 CVE-2025-6776: A vulnerability classified as critical was found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This v
A vulnerability classified as critical was found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This vulnerability affects the function Upload of the file app/plugins/oss/app/controller.py of the component File Upload. The manipulation of the argument image leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to
nvd