
6 matches found

OSV
added 2025/01/21 5:36 p.m. | 6 views

CVE-2025-24019 YesWiki vulnerable to authenticated arbitrary file deletion

YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for any authenticated user, through the use of the filemanager, to delete any file owned by the user running the FastCGI Process Manager (FPM) on the host without any limitation on the filesystem's scope...

CVSS: 7.1 | AI score: 6 | EPSS: 0.00623
Exploits: 1 | References: 4

Cvelist
added 2025/01/21 5:36 p.m. | 16 views

CVE-2025-24019 YesWiki vulnerable to authenticated arbitrary file deletion

YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for any authenticated user, through the use of the filemanager, to delete any file owned by the user running the FastCGI Process Manager (FPM) on the host without any limitation on the filesystem's scope...

CVSS: 7.1 | EPSS: 0.00623
Exploits: 1 | References: 2

Cvelist
added 2025/01/21 5:2 p.m. | 11 views

CVE-2025-24018 YesWiki Vulnerable to Authenticated Stored XSS

YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for an authenticated user with rights to edit/create a page or comment to trigger a stored XSS which will be reflected on any page where the resource is loaded. The vulnerability makes use of the conten...

CVSS: 7.6 | EPSS: 0.00203
Exploits: 1 | References: 3

OSV
added 2025/01/21 5:2 p.m. | 6 views

CVE-2025-24018 YesWiki Vulnerable to Authenticated Stored XSS

YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for an authenticated user with rights to edit/create a page or comment to trigger a stored XSS which will be reflected on any page where the resource is loaded. The vulnerability makes use of the conten...

CVSS: 7.6 | AI score: 6.7 | EPSS: 0.00203
Exploits: 1 | References: 5

Cvelist
added 2025/01/21 3:37 p.m. | 12 views

CVE-2025-24017 YesWiki Vulnerable to Unauthenticated DOM Based XSS

YesWiki is a wiki system written in PHP. Versions up to and including 4.4.5 are vulnerable to any end-user crafting a DOM based XSS on all of YesWiki's pages which is triggered when a user clicks on a malicious link. The vulnerability makes use of the search by tag feature. When a tag doesn't...

CVSS: 7.6 | EPSS: 0.00285
Exploits: 1 | References: 2

CVE
added 2025/01/21 3:37 p.m. | 51 views

CVE-2025-24017

YesWiki DOM-based XSS (CVE-2025-24017) affects YesWiki up to version 4.4.5. The vulnerability stems from insufficient sanitization in the tag-search workflow: when a user-provided tag is reflected on pages, it can inject client-side script, enabling an attacker to craft a malicious link that trig...

CVSS: 7.6 | AI score: 7.2 | EPSS: 0.00285
Exploits: 1 | References: 2 | Affected Software: 1