Lucene search
K

17 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-2128

Malware in sbrugna...

8.1CVSS6.6AI score0.017EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-2074

Malware in sbrugna...

8.1CVSS7.8AI score0.01902EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-2454

Malicious code in bioql PyPI...

9.8CVSS9AI score0.0074EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/22 6:39 p.m.6 views

CVE-2021-3689

yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator...

8.1CVSS6.8AI score0.01902EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/26 8:16 a.m.17 views

CVE-2025-2690

A vulnerability, which was classified as critical, was found in yiisoft Yii2 up to 2.0.39. This affects the function Generate of the file phpunit\src\Framework\MockObject\MockClass.php. The manipulation leads to deserialization. It is possible to initiate the attack remotely. The exploit has been...

9.8CVSS7.2AI score0.00599EPSS
Exploits1References1
OSV
OSV
added 2025/03/24 9:34 a.m.5 views

GHSA-88M2-J94X-V4FX yiisoft Yii2 Deserialization of Untrusted Data

A vulnerability, which was classified as critical, has been found in yiisoft Yii2 up to 2.0.45. Affected by this issue is the function getIterator of the file symfony\finder\Iterator\SortableIterator.php. The manipulation leads to deserialization. The attack may be launched remotely. The exploit...

6.3CVSS7.1AI score0.00556EPSS
Exploits1References6
Cvelist
Cvelist
added 2025/03/24 7:31 a.m.23 views

CVE-2025-2690 yiisoft Yii2 MockClass.php generate deserialization

A vulnerability, which was classified as critical, was found in yiisoft Yii2 up to 2.0.39. This affects the function Generate of the file phpunit\src\Framework\MockObject\MockClass.php. The manipulation leads to deserialization. It is possible to initiate the attack remotely. The exploit has been...

6.5CVSS0.00599EPSS
Exploits1References4
CVE
CVE
added 2025/03/24 7:31 a.m.73 views

CVE-2025-2690

CVE-2025-2690 affects yiisoft/yii2 up to 2.0.39. The issue is in Generate() of phpunit\src\Framework\MockObject\MockClass.php and enables deserialization, with remote attack potential. Public exploit details exist; multiple sources (NVD, Red Hat, osv) corroborate a critical severity, though CVSS ...

9.8CVSS7.1AI score0.00599EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2025/03/24 7:0 a.m.5 views

CVE-2025-2689 yiisoft Yii2 SortableIterator.php getIterator deserialization

A vulnerability, which was classified as critical, has been found in yiisoft Yii2 up to 2.0.45. Affected by this issue is the function getIterator of the file symfony\finder\Iterator\SortableIterator.php. The manipulation leads to deserialization. The attack may be launched remotely. The exploit...

5.3CVSS6AI score0.00556EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/03/24 7:0 a.m.8 views

CVE-2025-2689 yiisoft Yii2 SortableIterator.php getIterator deserialization

A vulnerability, which was classified as critical, has been found in yiisoft Yii2 up to 2.0.45. Affected by this issue is the function getIterator of the file symfony\finder\Iterator\SortableIterator.php. The manipulation leads to deserialization. The attack may be launched remotely. The exploit...

6.5CVSS7.1AI score0.00556EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/03/22 11:32 a.m.14 views

CVE-2024-4990

In yiisoft/yii2 version 2.0.48, the base Component class contains a vulnerability where the set magic method does not validate that the value passed is a valid Behavior class name or configuration. This allows an attacker to instantiate arbitrary classes, passing parameters to their constructors...

9.1CVSS7AI score0.7939EPSS
Exploits1References1
NVD
NVD
added 2025/03/20 10:15 a.m.33 views

CVE-2024-4990

In yiisoft/yii2 version 2.0.48, the base Component class contains a vulnerability where the set magic method does not validate that the value passed is a valid Behavior class name or configuration. This allows an attacker to instantiate arbitrary classes, passing parameters to their constructors...

9.1CVSS0.7939EPSS
Exploits1References1
OSV
OSV
added 2025/03/20 10:11 a.m.15 views

CVE-2024-4990 Unsafe Reflection in base Component class in yiisoft/yii2

In yiisoft/yii2 version 2.0.48, the base Component class contains a vulnerability where the set magic method does not validate that the value passed is a valid Behavior class name or configuration. This allows an attacker to instantiate arbitrary classes, passing parameters to their constructors...

8.1CVSS7.6AI score0.7939EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.5 views

Yii2 安全漏洞

Yii2 is a fast, secure and professional PHP framework from Yii Open Source. A security vulnerability exists in Yii2 version 2.0.48, which stems from the set method of the Component class that does not validate the behavioral class name or configuration, which could lead to arbitrary class...

9.1CVSS8.2AI score0.7939EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/06/02 12:0 a.m.9 views

PT-2024-33740 · Yii2 · Yii2

Name of the Vulnerable Software and Affected Versions: yiisoft/yii2 version 2.0.48 Description: The base Component class in yiisoft/yii2 contains a vulnerability where the set magic method does not validate that the value passed is a valid Behavior class name or configuration. This allows an...

9.1CVSS7.9AI score0.7939EPSS
Exploits1References28
NVD
NVD
added 2021/08/10 5:15 p.m.27 views

CVE-2021-3692

yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator...

8.1CVSS0.017EPSS
Exploits1References2
Cvelist
Cvelist
added 2021/08/10 10:21 a.m.22 views

CVE-2021-3689 Use of Predictable Algorithm in Random Number Generator in yiisoft/yii2

yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator...

8.1CVSS7.7AI score0.01902EPSS
Exploits1References2
Rows per page
Query Builder