84 matches found

Github Security Blog, added 2026/05/22 3:39 p.m., 13 views

YesWiki: Unauthenticated SQL Injection

Summary: An unauthenticated SQL injection in the Bazar form-import path FormManager::create allows any unauthenticated visitor of a default YesWiki install to inject arbitrary SQL into an INSERT statement and read the full database, including yeswikiusers.password hashes. Present in 4.6.1 / 4.6.2 ...

AI score 6, EPSS 0.0004
Exploits 0, References 2, Affected Software 1

EUVD, added 2025/10/07 12:30 a.m., 4 views

EUVD-2018-1974

Malware in sbrugna...

CVSS 9.8, AI score 9.5, EPSS 0.02491
Exploits 0, References 3

EUVD, added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-12615

Malicious code in bioql PyPI...

CVSS 7.6, AI score 6.3, EPSS 0.00582
Exploits 1, References 5

EUVD, added 2025/10/03 8:7 p.m., 5 views

EUVD-2025-12628

Malicious code in bioql PyPI...

CVSS 6.3, AI score 6.3, EPSS 0.00276
Exploits 1, References 3

EUVD, added 2025/10/03 8:7 p.m., 5 views

EUVD-2025-0203

Malicious code in bioql PyPI...

CVSS 7.6, AI score 6.3, EPSS 0.00337
Exploits 1, References 4

EUVD, added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-12616

Malicious code in bioql PyPI...

CVSS 4.8, AI score 6.3, EPSS 0.00241
Exploits 1, References 3

EUVD, added 2025/10/03 8:7 p.m., 5 views

EUVD-2025-0129

Malicious code in bioql PyPI...

CVSS 7.1, AI score 6.3, EPSS 0.00568
Exploits 1, References 4

EUVD, added 2025/10/03 8:7 p.m., 6 views

EUVD-2025-12664

Malicious code in bioql PyPI...

CVSS 10, AI score 6.3, EPSS 0.00569
Exploits 1, References 3

EUVD, added 2025/10/03 8:7 p.m., 5 views

EUVD-2025-12663

Malicious code in bioql PyPI...

CVSS 6.1, AI score 6.3, EPSS 0.00498
Exploits 1, References 3

EUVD, added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-12662

Malicious code in bioql PyPI...

CVSS 6.1, AI score 6.3, EPSS 0.00498
Exploits 1, References 3

EUVD, added 2025/10/03 8:7 p.m., 7 views

EUVD-2025-12614

Malicious code in bioql PyPI...

CVSS 9.8, AI score 6.3, EPSS 0.00821
Exploits 1, References 2

GithubExploit, added 2025/06/07 9:18 a.m., 329 views

Exploit for Path Traversal in Yeswiki

Blackash-CVE-2025-31131 CVE-2025-31131 - YesWiki 4.5.2 Path...

CVSS 8.6, AI score 7.7, EPSS 0.05366
Exploits 6

Veracode, added 2025/05/07 6:14 a.m., 9 views

Reflected Cross-Site Scripting (Reflected XSS)

yeswiki/yeswiki is vulnerable to reflected cross-site scripting (XSS). The vulnerability is due to improper sanitization of user input in the file upload form, which allows attackers to craft malicious links that execute arbitrary scripts in the victim’s browser...

CVSS 7.6, AI score 6.5, EPSS 0.00582
Exploits 1, References 6, Affected Software 1

Veracode, added 2025/05/07 5:24 a.m., 19 views

Remote Code Execution (RCE)

yeswiki/yeswiki is vulnerable to Remote Code Execution (RCE). The vulnerability is due to arbitrary file write, which allows attackers to upload PHP files that can be executed on the server...

CVSS 9.8, AI score 7.5, EPSS 0.00821
Exploits 1, References 4, Affected Software 1

Veracode, added 2025/05/07 5:20 a.m., 9 views

Cross-Site Scripting (XSS)

yeswiki/yeswiki is vulnerable to Reflected Cross-Site Scripting (Reflected XSS). The vulnerability is due to insufficient sanitization of user-supplied input in URLs, which allows attackers to inject malicious scripts that are reflected in the server’s response...

CVSS 4.8, AI score 6.1, EPSS 0.00241
Exploits 1, References 4, Affected Software 1

Veracode, added 2025/05/07 5:19 a.m., 9 views

Cross-Site Scripting (XSS)

yeswiki/yeswiki is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient input sanitization of the idformulaire parameter on the /?BazaR endpoint, which allows attackers to perform reflected cross-site scripting attacks to steal session cookies, hijack user sessions,...

CVSS 6.1, AI score 5.7, EPSS 0.00498
Exploits 1, References 4, Affected Software 1

RedhatCVE, added 2025/05/01 5:24 p.m., 14 views

CVE-2025-46350

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user’s session. This vulnerability...

CVSS 4.8, AI score 6, EPSS 0.00241
Exploits 1, References 1

RedhatCVE, added 2025/05/01 4:26 p.m., 19 views

CVE-2025-46346

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, a stored cross-site scripting (XSS) vulnerability was discovered in the application’s comments feature. This issue allows a malicious actor to inject JavaScript payloads that are stored and later executed in the browser of any user...

CVSS 6.3, AI score 5.1, EPSS 0.00276
Exploits 1, References 1

NVD, added 2025/04/29 9:15 p.m., 25 views

CVE-2025-46550

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the /?BazaR endpoint and idformulaire parameter are vulnerable to cross-site scripting. An attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link...

CVSS 6.1, EPSS 0.00498
Exploits 1, References 2

NVD, added 2025/04/29 9:15 p.m., 48 views

CVE-2025-46549

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user’s session. This vulnerability...

CVSS 6.1, EPSS 0.00498
Exploits 1, References 2