Lucene search
+L

36 matches found

NVD
NVD
added 2026/02/23 4:29 p.m.10 views

CVE-2025-70058

An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests...

7.4CVSS0.00169EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/23 12:0 a.m.25 views

CVE-2025-70058

An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests...

0.00169EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/23 12:0 a.m.12 views

PT-2026-21525

Name of the Vulnerable Software and Affected Versions YMFE yapi version 1.12.0 Description The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests. This can lead to man-in-the-middle attacks where a malicio...

7.4CVSS5.2AI score0.00169EPSS
Exploits0References11
OSV
OSV
added 2026/02/23 12:0 a.m.9 views

CVE-2025-70058

An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests...

7.4CVSS5.9AI score0.00169EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-0732

Malware in sbrugna...

5.4CVSS5.5AI score0.00667EPSS
Exploits1References5
NVD
NVD
added 2021/03/01 11:15 p.m.20 views

CVE-2021-27884

Weak JSON Web Token JWT signing secret generation in YMFE YApi through 1.9.2 allows recreation of other users' JWT tokens. This occurs because Math.random in Node.js is used...

5.1CVSS0.00338EPSS
Exploits0References2
OSV
OSV
added 2021/03/01 11:15 p.m.14 views

CVE-2021-27884

Weak JSON Web Token JWT signing secret generation in YMFE YApi through 1.9.2 allows recreation of other users' JWT tokens. This occurs because Math.random in Node.js is used...

5.1CVSS6.8AI score
Exploits0References2
Prion
Prion
added 2021/03/01 11:15 p.m.14 views

Code injection

Weak JSON Web Token JWT signing secret generation in YMFE YApi through 1.9.2 allows recreation of other users' JWT tokens. This occurs because Math.random in Node.js is used...

3.6CVSS5.2AI score0.00338EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/03/01 11:0 p.m.60 views

CVE-2021-27884

The vulnerability CVE-2021-27884 affects YMFE YApi up to version 1.9.2, where JWT signing secret is generated using Math.random() in Node.js. This weak randomness allows an attacker to recreate other users’ JWTs by exploiting predictable secret generation. Connected advisories (GHSA-2H3H-VW8R-82R...

5.1CVSS5.2AI score0.00338EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/03/01 11:0 p.m.21 views

CVE-2021-27884

Weak JSON Web Token JWT signing secret generation in YMFE YApi through 1.9.2 allows recreation of other users' JWT tokens. This occurs because Math.random in Node.js is used...

5.5AI score0.00338EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2018/11/21 10:19 p.m.24 views

Cross-site Scripting in yapi-vendor

An issue was discovered in YMFE YApi 1.3.23. There is stored XSS in the name field of a project...

5.4CVSS1.6AI score0.00667EPSS
Exploits1References3Affected Software1
CNVD
CNVD
added 2018/10/08 12:0 a.m.8 views

YMFE YApi Cross-Site Scripting Vulnerability

YMFE YApi is a visual interface management platform. A cross-site scripting vulnerability exists in the item name field in YMFE YApi version 1.3.23. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

5.4CVSS5.2AI score0.00667EPSS
Exploits1References1
NVD
NVD
added 2018/09/28 9:29 a.m.24 views

CVE-2018-17574

An issue was discovered in YMFE YApi 1.3.23. There is stored XSS in the name field of a project...

5.4CVSS5.2AI score0.00667EPSS
Exploits1References1
OSV
OSV
added 2018/09/28 9:29 a.m.12 views

CVE-2018-17574

An issue was discovered in YMFE YApi 1.3.23. There is stored XSS in the name field of a project...

5.4CVSS5.7AI score
Exploits0References1
Cvelist
Cvelist
added 2018/09/28 9:0 a.m.23 views

CVE-2018-17574

An issue was discovered in YMFE YApi 1.3.23. There is stored XSS in the name field of a project...

5.2AI score0.00667EPSS
Exploits1References1
CVE
CVE
added 2018/09/28 9:0 a.m.50 views

CVE-2018-17574

CVE-2018-17574 affects YMFE YApi 1.3.23 with a stored XSS vulnerability in the project name field. The issue is described across multiple sources (NVD entry and related advisories) as a stored cross-site scripting flaw in YMFE YApi 1.3.23; CVSS v3.0 base score 5.4 (MEDIUM), CVSS v2 base score 3.5...

5.4CVSS5.1AI score0.00667EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder