36 matches found
CVE-2025-70058
An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests...
CVE-2025-70058
An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests...
PT-2026-21525
Name of the Vulnerable Software and Affected Versions YMFE yapi version 1.12.0 Description The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests. This can lead to man-in-the-middle attacks where a malicio...
CVE-2025-70058
An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests...
EUVD-2018-0732
Malware in sbrugna...
CVE-2021-27884
Weak JSON Web Token JWT signing secret generation in YMFE YApi through 1.9.2 allows recreation of other users' JWT tokens. This occurs because Math.random in Node.js is used...
CVE-2021-27884
Weak JSON Web Token JWT signing secret generation in YMFE YApi through 1.9.2 allows recreation of other users' JWT tokens. This occurs because Math.random in Node.js is used...
Code injection
Weak JSON Web Token JWT signing secret generation in YMFE YApi through 1.9.2 allows recreation of other users' JWT tokens. This occurs because Math.random in Node.js is used...
CVE-2021-27884
The vulnerability CVE-2021-27884 affects YMFE YApi up to version 1.9.2, where JWT signing secret is generated using Math.random() in Node.js. This weak randomness allows an attacker to recreate other users’ JWTs by exploiting predictable secret generation. Connected advisories (GHSA-2H3H-VW8R-82R...
CVE-2021-27884
Weak JSON Web Token JWT signing secret generation in YMFE YApi through 1.9.2 allows recreation of other users' JWT tokens. This occurs because Math.random in Node.js is used...
Cross-site Scripting in yapi-vendor
An issue was discovered in YMFE YApi 1.3.23. There is stored XSS in the name field of a project...
YMFE YApi Cross-Site Scripting Vulnerability
YMFE YApi is a visual interface management platform. A cross-site scripting vulnerability exists in the item name field in YMFE YApi version 1.3.23. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
CVE-2018-17574
An issue was discovered in YMFE YApi 1.3.23. There is stored XSS in the name field of a project...
CVE-2018-17574
An issue was discovered in YMFE YApi 1.3.23. There is stored XSS in the name field of a project...
CVE-2018-17574
An issue was discovered in YMFE YApi 1.3.23. There is stored XSS in the name field of a project...
CVE-2018-17574
CVE-2018-17574 affects YMFE YApi 1.3.23 with a stored XSS vulnerability in the project name field. The issue is described across multiple sources (NVD entry and related advisories) as a stored cross-site scripting flaw in YMFE YApi 1.3.23; CVSS v3.0 base score 5.4 (MEDIUM), CVSS v2 base score 3.5...