Vulnerabilities > Yiiframework > YII > 2.0.26

DATE CVE VULNERABILITY TITLE RISK
2025-03-24 CVE-2025-2690 Deserialization of Untrusted Data vulnerability in Yiiframework YII
A vulnerability, which was classified as critical, was found in yiisoft Yii2 up to 2.0.39.
network
low complexity
yiiframework CWE-502
critical
 9.8
9.8
2025-03-24 CVE-2025-2689 Deserialization of Untrusted Data vulnerability in Yiiframework YII
A vulnerability, which was classified as critical, has been found in yiisoft Yii2 up to 2.0.45.
network
low complexity
yiiframework CWE-502
critical
 9.8
9.8
2023-04-04 CVE-2023-26750 SQL Injection vulnerability in Yiiframework YII
SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows the a remote attacker to execute arbitrary code via the runAction function.
network
low complexity
yiiframework CWE-89
critical
 9.8
9.8
2021-08-10 CVE-2021-3692 Use of Insufficiently Random Values vulnerability in Yiiframework YII
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator
network
low complexity
yiiframework CWE-330
5.3
5.3
2021-08-10 CVE-2021-3689 Use of Insufficiently Random Values vulnerability in Yiiframework YII
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator
network
low complexity
yiiframework CWE-330
7.5
7.5
2020-09-15 CVE-2020-15148 Unspecified vulnerability in Yiiframework YII
Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input.
network
low complexity
yiiframework
critical
 10.0
10