
81 matches found

ATTACKERKB
added 2026/03/09 12:0 a.m. | 3 views

CVE-2025-70059

An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in YMFE yapi v1.12.0 and allows attackers to cause a denial of service...

AI score: 5.8 | EPSS: 0.00339
Exploits: 0 | References: 4
Snyk
added 2026/02/25 6:32 p.m. | 2 views

Improper Certificate Validation

Overview yapi-vendor is a YAPI Affected versions of this package are vulnerable to Improper Certificate Validation due to the HTTPS agent configuration setting rejectUnauthorized: false. An attacker can intercept and manipulate network traffic by performing a man-in-the-middle attack. Remediation...

CVSS: 9.3 | AI score: 5.9 | EPSS: 0.00169
Exploits: 0 | References: 2
RedhatCVE
added 2026/02/24 1:44 a.m. | 3 views

CVE-2025-70058

An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests...

CVSS: 7.4 | AI score: 5.3 | EPSS: 0.00169
Exploits: 0 | References: 1
Github Security Blog
added 2026/02/23 6:32 p.m. | 5 views

yapi disables TLS/SSL certificate validation via rejectUnauthorized: false in Axios HTTPS agent

An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests...

CVSS: 7.4 | AI score: 5.4 | EPSS: 0.00169
Exploits: 0 | References: 6 | Affected Software: 1
NVD
added 2026/02/23 4:29 p.m. | 5 views

CVE-2025-70058

An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests...

CVSS: 7.4 | EPSS: 0.00169
Exploits: 0 | References: 3
OSV
added 2026/02/23 4:29 p.m. | 4 views

CVE-2025-70058

An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests...

CVSS: 7.4 | AI score: 5.9
Exploits: 0 | References: 3
CNNVD
added 2026/02/23 12:0 a.m. | 5 views

Sean1025 YMFE YApi Security Vulnerability

Sean1025 YMFE YApi is an open-source application developed by Sean1025. It provides a visual interface for managing platforms. Version 1.12.0 of Sean1025 YMFE YApi contains a security vulnerability. This vulnerability stems from improper certificate verification, which may lead to the disabling o...

CVSS: 7.4 | AI score: 5.8 | EPSS: 0.00169
Exploits: 0 | References: 3
CVE
added 2026/02/23 12:0 a.m. | 13 views

CVE-2025-70058

CVE-2025-70058 affects YMFE yapi v1.12.0. The root cause is improper TLS/SSL certificate validation caused by Axios HTTPS agent configuration that sets rejectUnauthorized to false, enabling MITM-like interception. Documented in multiple sources (YAPI-related advisories and NVD/Red Hat entries). T...

CVSS: 7.4 | AI score: 5.4 | EPSS: 0.00169
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2026/02/23 12:0 a.m. | 20 views

CVE-2025-70058

An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests...

EPSS: 0.00169
Exploits: 0 | References: 3
Positive Technologies
added 2026/02/23 12:0 a.m. | 5 views

PT-2026-21525

Name of the Vulnerable Software and Affected Versions: YMFE yapi version 1.12.0. Description: The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests. This can lead to man-in-the-middle attacks where a malicio...

CVSS: 7.4 | AI score: 5.2 | EPSS: 0.00169
Exploits: 0 | References: 11
RedhatCVE
added 2026/01/09 11:29 a.m. | 6 views

CVE-2021-27884

Weak JSON Web Token (JWT) signing secret generation in YMFE YApi through 1.9.2 allows recreation of other users' JWT tokens. This occurs because Math.random in Node.js is used...

CVSS: 5.1 | AI score: 6.8 | EPSS: 0.00338
Exploits: 0 | References: 1
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2021-0584

Malware in sbrugna...

CVSS: 5.1 | AI score: 5.3 | EPSS: 0.00338
Exploits: 0 | References: 5
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-0732

Malware in sbrugna...

CVSS: 5.4 | AI score: 5.5 | EPSS: 0.00667
Exploits: 1 | References: 5
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-0328

Malicious code in bioql PyPI...

CVSS: 5.4 | AI score: 5.6 | EPSS: 0.0054
Exploits: 1 | References: 4
RedhatCVE
added 2025/05/23 7:57 a.m. | 5 views

CVE-2024-33831

A stored cross-site scripting (XSS) vulnerability in the Advanced Expectation - Response module of yapi v1.10.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the body field...

CVSS: 7.4 | AI score: 5.6 | EPSS: 0.00493
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 6:42 p.m. | 5 views

CVE-2021-36686

Cross Site Scripting (XSS) vulnerability in yapi 1.9.1 allows attackers to execute arbitrary code via the /interface/api edit page...

CVSS: 5.4 | AI score: 6.3 | EPSS: 0.0054
Exploits: 1
CNVD
added 2025/04/22 12:0 a.m. | 2 views

Command Execution Vulnerability in YAPI of Shanghai Accenture Software Systems Co.

YAPI is an efficient, easy-to-use and powerful open source API management platform designed for developers, product and testers to provide elegant interface management services. A command execution vulnerability exists in YAPI of Shanghai Erlinger Software Systems Corporation, which can be...

AI score: 7.9
Exploits: 0
OSSF Malicious Packages
added 2024/12/19 1:15 p.m. | 3 views

Malicious code in yapi-to-dts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 19ac9578e805bf62c4ef65a0db4a50d37e5fa4953caa1e4774265c4f5d86277a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0 | References: 3
OSV
added 2024/12/19 1:15 p.m. | 4 views

MAL-2024-12063 Malicious code in yapi-to-dts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 19ac9578e805bf62c4ef65a0db4a50d37e5fa4953caa1e4774265c4f5d86277a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0 | References: 3
OSV
added 2024/11/27 12:56 a.m. | 7 views

MAL-2024-11047 Malicious code in json-schema-editor-visual-yapi (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c2c434b89e0272562d45ccf56680fe4b6edf72651ddb2603233fa84ad67bf2c4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0 | References: 3