Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
Yf-exam ProjectYf-exam

4 matches found

CVE
CVEadded 2023/03/03 11:15 p.m.49 views

CVE-2023-26779

CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization which can lead to remote code execution (RCE).

9.8CVSS9.7AI score0.00997EPSS
CVE
CVEadded 2023/03/03 11:15 p.m.44 views

CVE-2023-25403

CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass. The program uses a fixed JWT key, and the stored key uses username format characters. Any user who logged in within 24 hours. A token can be forged with his username to bypass authentication.

7.5CVSS7.4AI score0.00022EPSS
CVE
CVEadded 2023/03/03 11:15 p.m.35 views

CVE-2023-25402

CleverStupidDog yf-exam 1.8.0 is vulnerable to File Upload. There is no restriction on the suffix of the uploaded file, resulting in any file upload.

7.5CVSS7.5AI score0.00062EPSS
CVE
CVEadded 2023/03/02 4:15 p.m.30 views

CVE-2023-26780

CleverStupidDog yf-exam v 1.8.0 is vulnerable to SQL Injection.

9.8CVSS9.5AI score0.00061EPSS