Yaay Social Media App
Monthly
Authorization bypass in Yaay Social Media App versions 3.8.0 through 24102025 allows remote unauthenticated attackers to access restricted functionality and data by manipulating user-controlled key parameters. The vulnerability enables unauthorized access to features normally protected by access control lists (ACLs), potentially exposing user data, administrative functions, or content modification capabilities. TR-CERT has disclosed this issue with a CVSS base score of 8.8, requiring user interaction for exploitation. No evidence of active exploitation (not in CISA KEV) or public exploit code has been identified at time of analysis.
Authorization bypass in Yaay Social Media App versions 3.8.0 through 24102025 allows remote unauthenticated attackers to access restricted functionality and data by manipulating user-controlled key parameters. The vulnerability enables unauthorized access to features normally protected by access control lists (ACLs), potentially exposing user data, administrative functions, or content modification capabilities. TR-CERT has disclosed this issue with a CVSS base score of 8.8, requiring user interaction for exploitation. No evidence of active exploitation (not in CISA KEV) or public exploit code has been identified at time of analysis.