CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

164 matches found

Yii2 PHP Framework < 2.0.52 - Remote Code Execution

Yii2 PHP Framework before 2.0.52 is vulnerable to remote code execution via improper validation of the class key in JSON behaviors. An attacker can instantiate arbitrary PHP classes and achieve RCE. id: CVE-2024-58136 info: name: Yii2 PHP Framework 2.0.52 - Remote Code Execution author:...

9.8CVSS8.7AI score0.77265EPSS

Exploits1References2

GithubExploit•added 2026/05/15 2:9 p.m.•89 views

Exploit for Code Injection in Craftcms Craft_Cms

CVE-2025-32432 - Craft CMS Unauthenticated RCE PoC Working...

10CVSS8.1AI score0.93094EPSS

Exploits13

RedhatCVE•added 2026/05/04 8:21 p.m.•5 views

CVE-2026-7600

A flaw has been found in ArtMin96 yii2-mcp-server 1.0.2. This impacts the function yiicommandhelp/yiiexecutecommand of the file src/index.ts of the component MCP Interface. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been publish...

6.5CVSS6.3AI score0.01521EPSS

Exploits0References1

Snyk•added 2026/05/02 3:31 a.m.•4 views

Arbitrary Command Injection

Overview yii2-mcp-server is a MCP Server for Yii2 Framework - Database schema inspection, command execution, and project management Affected versions of this package are vulnerable to Arbitrary Command Injection via the yiicommandhelp or yiiexecutecommand functions in the MCP Interface. An attack...

6.5CVSS6.1AI score0.01521EPSS

Exploits0References2

Github Security Blog•added 2026/05/02 3:31 a.m.•4 views

yii2-mcp-server has a Command Injection Issue

6.5CVSS6.3AI score0.01521EPSS

Exploits0References8Affected Software1

OSV•added 2026/05/02 3:31 a.m.•1 views

GHSA-GC8W-X73W-P4RH yii2-mcp-server has a Command Injection Issue

6.3CVSS6.3AI score0.01521EPSS

Exploits0References7

NVD•added 2026/05/02 1:16 a.m.•3 views

CVE-2026-7600

6.5CVSS0.01521EPSS

Exploits0References6

EUVD•added 2026/05/02 12:15 a.m.•3 views

EUVD-2026-26725

6.5CVSS6.3AI score0.01521EPSS

Exploits0References6

Vulnrichment•added 2026/05/02 12:15 a.m.•0 views

CVE-2026-7600 ArtMin96 yii2-mcp-server MCP index.ts yii_execute_command os command injection

6.5CVSS6.3AI score0.01521EPSS

Exploits0References6

CVE•added 2026/05/02 12:15 a.m.•12 views

CVE-2026-7600

ArtMin96 yii2-mcp-server 1.0.2 is affected. The vulnerability resides in the MCP Interface’s src/index.ts, specifically the yii_command_help/yii_execute_command functions, enabling remote os command injection. Attack requires no authentication and can be exploited remotely; an exploit has been pu...

6.5CVSS6.3AI score0.01521EPSS

Exploits0References6

RedhatCVE•added 2026/03/26 3:2 p.m.•2 views

CVE-2026-32263

Craft CMS is a content management system CMS. From version 5.6.0 to before version 5.9.11, in src/controllers/EntryTypesController.php, the $settings array from parsestr is passed directly to Craft::configure without Component::cleanseConfig. This allows injecting Yii2 behavior/event handlers via...

8.6CVSS5.7AI score0.00048EPSS

Exploits0References1

OSV•added 2026/03/10 7:52 p.m.•1 views

CVE-2026-29172 Craft Commerce has a SQL Injection in Commerce Purchasables Table Sorting

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.10.2 and 5.5.3, Craft Commerce is vulnerable to SQL Injection in the purchasables table endpoint. The sort parameter is split by | and the first part column name is passed directly as an array key to orderBy without whitelist...

8.7CVSS6AI score0.00015EPSS

Exploits1References5

RedhatCVE•added 2026/01/09 12:27 p.m.•7 views

CVE-2018-12290

The Yii2-StateMachine extension v2.x.x for Yii2 has XSS...

6.1CVSS6.9AI score0.0024EPSS

Exploits1References1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2021-2074

Malware in sbrugna...

8.1CVSS7.8AI score0.00449EPSS

Exploits1References5