Lucene search
K

16 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-2024

Malicious code in bioql PyPI...

9.1CVSS8.2AI score0.7939EPSS
Exploits1References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-7345

Malicious code in bioql PyPI...

9.8CVSS6.5AI score0.00556EPSS
Exploits1References6
BDU FSTEC
BDU FSTEC
added 2025/07/28 12:0 a.m.8 views

The vulnerability of the yiisoft/yii2-redis framework in Yii, which allows attackers to expose protected information.

The vulnerability of the yiisoft/yii2-redis framework in Yii is related to the exposure of information through registration files. Exploiting this vulnerability allows a malicious actor to disclose protected information through the AUTH parameter...

6.6CVSS5.4AI score0.00283EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2025/04/02 3:25 a.m.11 views

Deserialization Of Untrusted Data

yiisoft/yii2-dev is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to improper handling in the getIterator function of symfony\finder\Iterator\SortableIterator.php, which allows an attacker to execute arbitrary code remotely...

9.8CVSS7.9AI score0.00556EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/03/24 9:34 a.m.21 views

yiisoft Yii2 Deserialization of Untrusted Data

A vulnerability, which was classified as critical, has been found in yiisoft Yii2 up to 2.0.45. Affected by this issue is the function getIterator of the file symfony\finder\Iterator\SortableIterator.php. The manipulation leads to deserialization. The attack may be launched remotely. The exploit...

9.8CVSS7.1AI score0.00556EPSS
Exploits1References6Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/24 7:31 a.m.7 views

CVE-2025-2690 yiisoft Yii2 MockClass.php generate deserialization

A vulnerability, which was classified as critical, was found in yiisoft Yii2 up to 2.0.39. This affects the function Generate of the file phpunit\src\Framework\MockObject\MockClass.php. The manipulation leads to deserialization. It is possible to initiate the attack remotely. The exploit has been...

6.5CVSS7.1AI score0.00599EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/03/24 7:31 a.m.23 views

CVE-2025-2690 yiisoft Yii2 MockClass.php generate deserialization

A vulnerability, which was classified as critical, was found in yiisoft Yii2 up to 2.0.39. This affects the function Generate of the file phpunit\src\Framework\MockObject\MockClass.php. The manipulation leads to deserialization. It is possible to initiate the attack remotely. The exploit has been...

6.5CVSS0.00599EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/03/20 10:11 a.m.31 views

CVE-2024-4990 Unsafe Reflection in base Component class in yiisoft/yii2

In yiisoft/yii2 version 2.0.48, the base Component class contains a vulnerability where the set magic method does not validate that the value passed is a valid Behavior class name or configuration. This allows an attacker to instantiate arbitrary classes, passing parameters to their constructors...

8.1CVSS0.7939EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:11 a.m.12 views

CVE-2024-4990 Unsafe Reflection in base Component class in yiisoft/yii2

In yiisoft/yii2 version 2.0.48, the base Component class contains a vulnerability where the set magic method does not validate that the value passed is a valid Behavior class name or configuration. This allows an attacker to instantiate arbitrary classes, passing parameters to their constructors...

8.1CVSS8.1AI score0.7939EPSS
Exploits1References1
Veracode
Veracode
added 2024/06/05 6:4 a.m.21 views

Cross-Site Scripting (XSS)

yiisoft/yii2 is vulnerable to Cross-site Scripting XSS. The vulnerability is caused by improper handling of quote conversion in the htmlspecialchars function, allowing an attacker to inject malicious attributes though argument values in exception stack traces...

4.2CVSS4.2AI score0.00347EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/30 7:52 p.m.20 views

CVE-2024-32877 Reflected Cross-site Scripting in yiisoft/yii2 Debug mode

Yii 2 is a PHP application framework. During internal penetration testing of a product based on Yii2, users discovered a Cross-site Scripting XSS vulnerability within the framework itself. This issue is relevant for the latest version of Yii2 2.0.49.3. This issue lies in the mechanism for...

4.2CVSS6.1AI score0.00347EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2021/09/01 6:35 p.m.34 views

Use of Insufficiently Random Values in yiisoft/yii2-dev

yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator...

8.1CVSS7.3AI score0.01902EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2021/08/11 4:32 a.m.12 views

Insecure Random Number Generation

yiisoft/yii2 is using insecure random number generation. The vulnerability exists because it uses the function mtrand in CaptchaAction.php which is a predictable Random Number algorithm for random bytes and int generation...

5.3CVSS2AI score0.017EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2021/08/11 4:14 a.m.15 views

Insecure Random Number Generation

yiisoft/yii2 is using insecure random number generation. The vulnerability exists because it uses the function mtrand in BaseMailer.php which is a predictable Random Number algorithm for random bytes and int generation...

7.5CVSS2AI score0.01902EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2021/08/10 10:21 a.m.22 views

CVE-2021-3689 Use of Predictable Algorithm in Random Number Generator in yiisoft/yii2

yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator...

8.1CVSS7.7AI score0.01902EPSS
Exploits1References2
Veracode
Veracode
added 2019/03/07 5:6 a.m.9 views

Cross-Site Request Forgery (CSRF)

yiisoft/yii2 is vulnerable to cross-site request forgery CSRF. Request methods are not validated or restricted in \yii\web\Request::getMethod. This allows an attacker to bypass CSRF token checks by downgrading the HTTP request to read methods such as GET, HEAD or OPTIONS...

6.3AI score
Exploits0
Rows per page
Query Builder