Lucene search
+L

257 matches found

Nuclei
Nuclei
added yesterday19 views

YesWiki < 4.5.4 - Cross-Site Scripting

YesWiki 4.5.4 contains a reflected cross-site scripting caused by unsanitized idformulaire parameter in /?BazaR endpoint, letting attackers steal cookies and hijack sessions, exploit requires user to click malicious link. id: CVE-2025-46550 info: name: YesWiki 4.5.4 - Cross-Site Scripting author:...

6.1CVSS4.8AI score0.00498EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday95 views

Yeswiki < 4.5.2 - Unauthenticated Path Traversal

YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. id: CVE-2025-31131 info: name: Yeswiki 4.5.2 - Unauthenticated Path Traversal author: iamnoooob,rootxharsh,pdresearch severity: high...

8.6CVSS8.5AI score0.05366EPSS
Exploits6References3
Nuclei
Nuclei
added yesterday8 views

YesWiki Reflected XSS via File Upload

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to reflected XSS in the file upload form. This vulnerability allows any malicious unauthenticated user to create a link that can be clicked on by the victim to perform arbitrary actions. This issue has been...

7.6CVSS5.3AI score0.00582EPSS
Exploits1References2
Circl
Circl
added 2026/07/09 10:35 p.m.6 views

CVE-2026-52762

creationtimestamp| type| source ---|---|--- 2026-07-09 22:35:30+00:00| published-proof-of-concept| https://github.com/YesWiki/yeswiki/security/advisories/GHSA-65p8-9433-jpcp...

5.9AI score0.00109EPSS
Exploits0References1
Circl
Circl
added 2026/07/09 10:35 p.m.8 views

CVE-2026-52763

creationtimestamp| type| source ---|---|--- 2026-07-09 22:35:28+00:00| published-proof-of-concept| https://github.com/YesWiki/yeswiki/security/advisories/GHSA-89v6-j5x6-cmj3...

5.9AI score0.00044EPSS
Exploits0References1
Circl
Circl
added 2026/07/09 10:35 p.m.6 views

CVE-2026-52767

creationtimestamp| type| source ---|---|--- 2026-07-09 22:35:23+00:00| published-proof-of-concept| https://github.com/YesWiki/yeswiki/security/advisories/GHSA-mv28-wj57-f57g...

5.9AI score0.00022EPSS
Exploits0References1
Circl
Circl
added 2026/07/09 10:35 p.m.6 views

CVE-2026-52769

creationtimestamp| type| source ---|---|--- 2026-07-09 22:35:21+00:00| published-proof-of-concept| https://github.com/YesWiki/yeswiki/security/advisories/GHSA-vw42-752g-5mrp...

5.9AI score0.00066EPSS
Exploits0References1
Circl
Circl
added 2026/07/09 10:35 p.m.7 views

CVE-2026-52770

creationtimestamp| type| source ---|---|--- 2026-07-09 22:35:19+00:00| published-proof-of-concept| https://github.com/YesWiki/yeswiki/security/advisories/GHSA-qg78-vmvc-fhjw...

5.9AI score0.00047EPSS
Exploits0References1
Circl
Circl
added 2026/07/09 10:35 p.m.6 views

CVE-2026-52771

creationtimestamp| type| source ---|---|--- 2026-07-09 22:35:16+00:00| published-proof-of-concept| https://github.com/YesWiki/yeswiki/security/advisories/GHSA-8f2v-2qhj-gfwg...

5.9AI score0.00033EPSS
Exploits0References1
Circl
Circl
added 2026/07/09 10:35 p.m.9 views

CVE-2026-52772

creationtimestamp| type| source ---|---|--- 2026-07-09 22:35:14+00:00| published-proof-of-concept| https://github.com/YesWiki/yeswiki/security/advisories/GHSA-xc7j-3g8q-9vh4...

5.9AI score0.00034EPSS
Exploits0References1
Circl
Circl
added 2026/07/09 10:35 p.m.10 views

CVE-2026-52773

creationtimestamp| type| source ---|---|--- 2026-07-09 22:35:12+00:00| published-proof-of-concept| https://github.com/YesWiki/yeswiki/security/advisories/GHSA-35f3-pg38-486f...

5.9AI score0.00031EPSS
Exploits0References1
Circl
Circl
added 2026/07/09 10:35 p.m.8 views

CVE-2026-52774

creationtimestamp| type| source ---|---|--- 2026-07-09 22:35:10+00:00| published-proof-of-concept| https://github.com/YesWiki/yeswiki/security/advisories/GHSA-r5xw-gcgw-hwp5 2026-07-13 06:00:05+00:00| confirmed|...

6.1AI score0.00039EPSS
Exploits0References2
Circl
Circl
added 2026/07/09 10:35 p.m.6 views

CVE-2026-52775

creationtimestamp| type| source ---|---|--- 2026-07-09 22:35:07+00:00| published-proof-of-concept| https://github.com/YesWiki/yeswiki/security/advisories/GHSA-4pf7-cc4r-g63h...

5.9AI score0.00034EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/09 9:3 p.m.12 views

EUVD-2026-35181

YesWiki has Unsafe eval in its Formula Calculato, Leading to Remote Code Execution & Denial of Service...

9.8CVSS6.1AI score0.00561EPSS
Exploits0References4
Snyk
Snyk
added 2026/07/09 9:2 p.m.5 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the deleteUserReaction process. An attacker can access and manipulate sensitive database information by injecting crafted SQL through the idreaction and id URL path parameters as an authenticated user. Remediation...

8.8CVSS6.1AI score0.00034EPSS
Exploits0References2
OSV
OSV
added 2026/07/09 9:2 p.m.2 views

GHSA-4PF7-CC4R-G63H YesWiki has Authenticated SQL Injection via ReactionManager

Summary YesWiki through the latest development branch contains a SQL injection vulnerability in ReactionManager::deleteUserReaction that allows any authenticated user to inject arbitrary SQL via the idreaction and id URL path parameters. The parameters are concatenated directly into a SQL LIKE...

8.8CVSS6.2AI score0.00034EPSS
Exploits0References3
Snyk
Snyk
added 2026/07/09 9:0 p.m.6 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the query or queries filters in public API endpoints. An attacker can access sensitive database information by injecting crafted SQL expressions into numeric filter parameters, allowing them to infer data based on the...

8.7CVSS6.1AI score0.00047EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/09 8:58 p.m.6 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the verifySignature process due to improper verification of cryptographic signatures when handling the return value of opensslverify. An attacker can gain unauthorized access and perfo...

8.8CVSS6.1AI score0.00022EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/09 12:0 a.m.5 views

PT-2026-57027

Name of the Vulnerable Software and Affected Versions YesWiki versions prior to 4.6.6 Description An issue exists in the erasespamedcomments wiki action, located in actions/EraseSpamedCommentsAction.php, which allows unauthenticated users to permanently delete arbitrary wiki pages. The action...

9.1CVSS6.2AI score0.00052EPSS
Exploits0References5
Nuclei
Nuclei
added 2026/06/15 7:3 a.m.11 views

YesWiki < 4.6.4 - Unauthenticated SQL Injection

YesWiki before version 4.6.4 contains an unauthenticated SQL injection vulnerability in the Bazar form-import path. The bnidnature parameter in FormManager::create is concatenated into an INSERT statement without sanitization, allowing unauthenticated attackers to inject arbitrary SQL and read th...

5.8AI score0.0004EPSS
Exploits0References2
Rows per page
Query Builder