Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

OSV
OSVadded 2025/04/29 8:39 p.m.4 views

CVE-2025-46348 YesWiki Vulnerable to Unauthenticated Site Backup Creation and Download

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the request to commence a site backup can be performed and downloaded without authentication. The archives are created with a predictable filename, so a malicious user could create and download an archive without being authenticated...

10CVSS6.3AI score0.00441EPSS
Exploits1References4
Cvelist
Cvelistadded 2025/04/29 5:11 p.m.15 views

CVE-2025-46349 YesWiki Vulnerable to Unauthenticated Reflected Cross-site Scripting

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to reflected XSS in the file upload form. This vulnerability allows any malicious unauthenticated user to create a link that can be clicked on by the victim to perform arbitrary actions. This issue has been...

7.6CVSS0.00542EPSS
Exploits1References2
RedhatCVE
RedhatCVEadded 2025/02/06 2:32 a.m.6 views

CVE-2025-24019

YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for any authenticated user, through the use of the filemanager to delete any file owned by the user running the FastCGI Process Manager FPM on the host without any limitation on the filesystem's scope...

7.1CVSS6.4AI score0.00623EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2025/02/06 2:31 a.m.5 views

CVE-2025-24018

YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for an authenticated user with rights to edit/create a page or comment to trigger a stored XSS which will be reflected on any page where the resource is loaded. The vulnerability makes use of the conten...

7.6CVSS5.5AI score0.00203EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2025/01/21 3:37 p.m.4 views

CVE-2025-24017 YesWiki Vulnerable to Unauthenticated DOM Based XSS

YesWiki is a wiki system written in PHP. Versions up to and including 4.4.5 are vulnerable to any end-user crafting a DOM based XSS on all of YesWiki's pages which is triggered when a user clicks on a malicious link. The vulnerability makes use of the search by tag feature. When a tag doesn't...

7.6CVSS7.2AI score0.00285EPSS
Exploits1References2
CVE
CVEadded 2025/01/21 3:37 p.m.49 views

CVE-2025-24017

YesWiki DOM-based XSS (CVE-2025-24017) affects YesWiki up to version 4.4.5. The vulnerability stems from insufficient sanitization in the tag-search workflow: when a user-provided tag is reflected on pages, it can inject client-side script, enabling an attacker to craft a malicious link that trig...

7.6CVSS7.2AI score0.00285EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder