Yapi

3 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2025-70060 MEDIUM This Month

An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in YMFE yapi v1.12.0. [CVSS 5.4 MEDIUM]

XSS Yapi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-70059 HIGH This Week

An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in YMFE yapi v1.12.0 and allows attackers to cause a denial of service. [CVSS 7.5 HIGH]

Denial Of Service Yapi
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-70058 HIGH This Week

An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests [CVSS 7.4 HIGH]

Tls Yapi
NVD GitHub
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-70060
EPSS 0% CVSS 5.4
MEDIUM This Month

An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in YMFE yapi v1.12.0. [CVSS 5.4 MEDIUM]

XSS Yapi
NVD GitHub
CVE-2025-70059
EPSS 0% CVSS 7.5
HIGH This Week

An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in YMFE yapi v1.12.0 and allows attackers to cause a denial of service. [CVSS 7.5 HIGH]

Denial Of Service Yapi
NVD GitHub
CVE-2025-70058
EPSS 0% CVSS 7.4
HIGH This Week

An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests [CVSS 7.4 HIGH]

Tls Yapi
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy