Vulnerabilities > Yiiframework
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-04-10 | CVE-2024-58136 | Unspecified vulnerability in Yiiframework YII Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025. | 9.8 |
| 2025-03-24 | CVE-2025-2690 | Deserialization of Untrusted Data vulnerability in Yiiframework YII A vulnerability, which was classified as critical, was found in yiisoft Yii2 up to 2.0.39. | 9.8 |
| 2025-03-24 | CVE-2025-2689 | Deserialization of Untrusted Data vulnerability in Yiiframework YII A vulnerability, which was classified as critical, has been found in yiisoft Yii2 up to 2.0.45. | 9.8 |
| 2025-03-20 | CVE-2024-4990 | Unspecified vulnerability in Yiiframework YII 2.0.48 In yiisoft/yii2 version 2.0.48, the base Component class contains a vulnerability where the `__set()` magic method does not validate that the value passed is a valid Behavior class name or configuration. | 9.1 |
| 2023-12-22 | CVE-2023-50708 | Unspecified vulnerability in Yiiframework Yii2-Authclient yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. | 9.8 |
| 2023-12-22 | CVE-2023-50714 | Improper Authentication vulnerability in Yiiframework Yii2-Authclient yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. | 8.8 |
| 2023-11-14 | CVE-2023-47130 | Unspecified vulnerability in Yiiframework YII Yii is an open source PHP web framework. | 9.8 |
| 2023-09-21 | CVE-2015-5467 | Path Traversal vulnerability in Yiiframework YII web\ViewAction in Yii (aka Yii2) 2.x before 2.0.5 allows attackers to execute any local .php file via a relative path in the view parameeter. | 9.8 |
| 2023-07-28 | CVE-2022-31454 | Cross-site Scripting vulnerability in Yiiframework YII 2.0.45 Yii 2 v2.0.45 was discovered to contain a cross-site scripting (XSS) vulnerability via the endpoint /books. | 6.1 |
| 2023-04-04 | CVE-2023-26750 | SQL Injection vulnerability in Yiiframework YII SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows the a remote attacker to execute arbitrary code via the runAction function. | 9.8 |