Sean1025 YMFE YApi 安全漏洞

Sean1025 YMFE YApi is an open-source application developed by Sean1025. It provides a visual interface for managing platforms. Version 1.12.0 of Sean1025 YMFE YApi contains a security vulnerability. This vulnerability stems from improper certificate verification, which may lead to the disabling o...

CVE-2025-70058

CVE-2025-70058 affects YMFE yapi v1.12.0. The root cause is improper TLS/SSL certificate validation caused by Axios HTTPS agent configuration that sets rejectUnauthorized to false, enabling MITM-like interception. Documented in multiple sources (YAPI-related advisories and NVD/Red Hat entries). T...

Command Execution Vulnerability in YAPI of Shanghai Accenture Software Systems Co.

YAPI is an efficient, easy-to-use and powerful open source API management platform designed for developers, product and testers to provide elegant interface management services. A command execution vulnerability exists in YAPI of Shanghai Erlinger Software Systems Corporation, which can be...

CVE-2024-33831

A stored cross-site scripting XSS vulnerability in the Advanced Expectation - Response module of yapi v1.10.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the body field...