Lucene search
K

39 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-2388

Malicious code in bioql PyPI...

9.8CVSS9.5AI score0.01588EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/06/05 4:53 p.m.135 views

Yii 2 Redis may expose AUTH parameters in logs in case of connection failure

Impact On failing connection extension writes commands sequence to logs. AUTH parameters are written in plain text exposing username and password. That might be an issue if attacker has access to logs...

6.5CVSS6.6AI score0.00283EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/06/05 4:33 p.m.11 views

CVE-2025-48493 Yii 2 Redis may expose AUTH paramters in logs in case of connection failure

The Yii 2 Redis extension provides the redis key-value store support for the Yii framework 2.0. On failing connection, the extension writes commands sequence to logs. Prior to version 2.0.20, AUTH parameters are written in plain text exposing username and password. That might be an issue if...

5CVSS6.5AI score0.00283EPSS
Exploits0References2
CVE
CVE
added 2025/06/05 4:33 p.m.572 views

CVE-2025-48493

The vulnerability CVE-2025-48493 affects the Yii 2 Redis extension (yii2-redis) used with Yii Framework 2.0. Prior to version 2.0.20, AUTH credentials are logged in plain text when a connection fails, exposing usernames and passwords to anyone with access to the logs. The issue is mitigated by up...

6.5CVSS6.8AI score0.00283EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/06/05 12:0 a.m.6 views

PT-2025-23939 · Yii · Yii 2 Redis Extension

Name of the Vulnerable Software and Affected Versions: Yii 2 Redis extension versions prior to 2.0.20 Description: The issue concerns the logging of commands when a connection fails in the Yii 2 Redis extension. Specifically, prior to version 2.0.20, AUTH parameters are written in plain text,...

6.5CVSS6.4AI score0.00283EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2025/05/23 1:2 a.m.7 views

CVE-2022-31454

Yii 2 v2.0.45 was discovered to contain a cross-site scripting XSS vulnerability via the endpoint /books. NOTE: this is disputed by the vendor because the cve-2022-31454-8e8555c31fd3 page does not describe why /books has a relationship to Yii 2...

6.1CVSS6.2AI score0.00395EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/12 12:1 a.m.64 views

CVE-2024-58136

Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025...

9.8CVSS7.2AI score0.84758EPSS
Exploits2References1
NVD
NVD
added 2025/04/10 3:15 a.m.29 views

CVE-2024-58136

Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025...

9.8CVSS0.84758EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2025/04/10 12:0 a.m.27 views

CVE-2024-58136

Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025...

9CVSS6.7AI score0.84758EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/04/10 12:0 a.m.82 views

CVE-2024-58136

Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025...

9CVSS0.84758EPSS
Exploits1References5
OSV
OSV
added 2025/04/10 12:0 a.m.25 views

CVE-2024-58136

Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025...

9CVSS9.1AI score0.84758EPSS
Exploits1References9
CVE
CVE
added 2025/04/10 12:0 a.m.326 views

CVE-2024-58136

CVE-2024-58136 describes an RCE risk in CraftCMS tied to Yii2 behavior injection via the fieldLayout JSON posted to assembleLayoutFromPost. The root cause is unfiltered user data passed to Craft::createObject() and a missing cleanseConfig() before using the fieldLayout config, permitting an attac...

9.8CVSS9AI score0.84758EPSS
In wildExploits1References7Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/05 2:58 p.m.11 views

CVE-2020-15148

Yii 2 yiisoft/yii2 before version 2.0.38 is vulnerable to remote code execution if the application calls unserialize on arbitrary user input. This is fixed in version 2.0.38. A possible workaround without upgrading is available in the linked advisory...

10CVSS7.6AI score0.78759EPSS
Exploits0
CVE
CVE
added 2024/05/30 7:52 p.m.80 views

CVE-2024-32877

CVE-2024-32877 (Yii2): The vulnerability affects Yii2 (2.0.49.3) via the stack-trace display mechanism, where argument values longer than 32 characters are truncated but the full value is exposed in the title attribute. A double quote (") can break out of the title context and inject attributes (...

4.7CVSS4.5AI score0.00347EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2023/07/28 2:15 a.m.20 views

CVE-2022-31454

Yii 2 v2.0.45 was discovered to contain a cross-site scripting XSS vulnerability via the endpoint /books. NOTE: this is disputed by the vendor because the cve-2022-31454-8e8555c31fd3 page does not describe why /books has a relationship to Yii 2...

6.1CVSS6.1AI score0.00395EPSS
Exploits0References1
Prion
Prion
added 2023/07/28 2:15 a.m.18 views

Cross site scripting

Yii 2 v2.0.45 was discovered to contain a cross-site scripting XSS vulnerability via the endpoint /books. NOTE: this is disputed by the vendor because the cve-2022-31454-8e8555c31fd3 page does not describe why /books has a relationship to Yii 2...

5.8CVSS6AI score0.00395EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/07/28 12:0 a.m.61 views

CVE-2022-31454

The connected sources confirm a cross-site scripting (XSS) vulnerability in Yii 2.0.45 exposed via the /books endpoint. The claim is that /books relates to Yii 2 is disputed by the vendor. Technical details on the underlying root cause, exploit steps, impacted versions beyond 2.0.45, and confirme...

6.1CVSS6AI score0.00395EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/07/28 12:0 a.m.9 views

CVE-2022-31454

Yii 2 v2.0.45 was discovered to contain a cross-site scripting XSS vulnerability via the endpoint /books. NOTE: this is disputed by the vendor because the cve-2022-31454-8e8555c31fd3 page does not describe why /books has a relationship to Yii 2...

6.1CVSS6.1AI score0.00395EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/07/28 12:0 a.m.29 views

CVE-2022-31454

Yii 2 v2.0.45 was discovered to contain a cross-site scripting XSS vulnerability via the endpoint /books. NOTE: this is disputed by the vendor because the cve-2022-31454-8e8555c31fd3 page does not describe why /books has a relationship to Yii 2...

6.2AI score0.00395EPSS
Exploits0References1
CVE
CVE
added 2023/04/04 12:0 a.m.193 views

CVE-2023-26750

Summary of CVE-2023-26750 : Yii 2 Framework prior to 2.0.47 contains a SQL injection vulnerability in the runAction function that can allow a remote attacker to execute arbitrary code. The issue’s impact is described as critical. Remediation available: upgrade to Yii 2.0.47 or later. Some connect...

9.8CVSS9.8AI score0.01822EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder