Lucene search
K

7 matches found

Circl
Circl
added 2 days ago4 views

CVE-2026-52769

creationtimestamp| type| source ---|---|--- 2026-07-09 22:35:21+00:00| published-proof-of-concept| https://github.com/YesWiki/yeswiki/security/advisories/GHSA-vw42-752g-5mrp...

5.9AI score0.00066EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.19 views

EUVD-2024-2932

Malicious code in bioql PyPI...

9.9CVSS6.3AI score0.00368EPSS
Exploits1References5
OSV
OSV
added 2025/04/29 8:39 p.m.8 views

CVE-2025-46348 YesWiki Vulnerable to Unauthenticated Site Backup Creation and Download

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the request to commence a site backup can be performed and downloaded without authentication. The archives are created with a predictable filename, so a malicious user could create and download an archive without being authenticated...

10CVSS6.3AI score0.00569EPSS
Exploits1References4
NVD
NVD
added 2025/04/29 6:15 p.m.47 views

CVE-2025-46350

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user’s session. This vulnerability...

4.8CVSS0.00241EPSS
Exploits1References2
CVE
CVE
added 2025/04/29 5:11 p.m.78 views

CVE-2025-46347

CVE-2025-46347 YesWiki is a remote code execution vulnerability in YesWiki up to version 4.5.3 (patched in 4.5.4). The issue allows an arbitrary file write and execution when a PHP file is created via a user-writable directory, enabling an attacker to browse the PHP file and run code on the serve...

9.8CVSS8AI score0.00821EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/04/29 5:11 p.m.42 views

CVE-2025-46347 YesWiki Remote Code Execution via Arbitrary PHP File Write and Execution

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki vulnerable to remote code execution. An arbitrary file write can be used to write a file with a PHP extension, which then can be browsed to in order to execute arbitrary code on the server, resulting in a full compromise of...

6.5CVSS0.00821EPSS
Exploits1References2
OSV
OSV
added 2025/04/01 6:31 p.m.12 views

GHSA-W34W-FVP3-68XM Yeswiki Path Traversal vulnerability allows arbitrary read of files

Summary The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. The payload ../../../../../../etc/passwd was submitted in the squelette parameter. The requested file was returned in the application's response. Details File path...

8.6CVSS7AI score0.05366EPSS
Exploits6References4
Rows per page
Query Builder