ymfe 漏洞与 CVE 列表(6)

产品(CPE): — CVE 数: 6

ymfe 漏洞概览

汇总 ymfe 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。

历史漏洞主要涉及 跨站脚本与拒绝服务 等问题,部分漏洞可能导致 会话劫持,并影响 软件部署与生产负载 相关场景。

相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。

漏洞分布趋势(近 24 个月)

显示 166 CVE 数
«« 第一页 « 上一页 第 1 / 1 页 下一页 »
CVE 摘要 来源 最高 CVSS EPSS % 公开时间 更新时间
CVE-2025-70060 An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in YMFE yapi v1.12.0. [email protected] 5.4 0.19% 2026-03-09 2026-06-17
CVE-2025-70059 An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in YMFE yapi v1.12.0 and allows attackers to cause a denial of service. [email protected] 7.5 0.34% 2026-03-09 2026-06-17
CVE-2025-70058 An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests [email protected] 7.4 0.17% 2026-02-23 2026-06-17
CVE-2021-36686 Cross Site Scripting (XSS) vulnerability in yapi 1.9.1 allows attackers to execute arbitrary code via the /interface/api edit page. [email protected] 5.4 0.54% 2023-01-26 2026-06-16
CVE-2021-27884 Weak JSON Web Token (JWT) signing secret generation in YMFE YApi through 1.9.2 allows recreation of other users' JWT tokens. This occurs because Math.random in Node.js is used. [email protected] 5.1 0.34% 2021-03-01 2026-06-16
CVE-2018-17574 An issue was discovered in YMFE YApi 1.3.23. There is stored XSS in the name field of a project. [email protected] 5.4 0.67% 2018-09-28 2026-06-16
«« 第一页 « 上一页 第 1 / 1 页 下一页 »
cvelogic Threat Intelligence