| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-14545 | YML for Yandex Market < 5.0.26 - Shop Manager+ RCE via Feed Generation | Unknown | YML for Yandex Market | 中危 | - | 2026-04-10 06:00:14 | Deep Dive |
| CVE-2026-32567 | WordPress YML for Yandex Market plugin < 5.3.0 - Arbitrary File Deletion vulnerability | icopydoc | YML for Yandex Market | 中危 | - | 2026-03-25 16:15:12 | Deep Dive |
| CVE-2025-5469 | Dylib Hijacking in Yandex Messenger | Yandex | Messenger | - | - | 2025-12-09 15:55:59 | Deep Dive |
| CVE-2025-5471 | Dylib Hijacking in Yandex Telemost | Yandex | Telemost | - | - | 2025-12-09 15:53:23 | Deep Dive |
| CVE-2025-5470 | Dylib Hijacking in Yandex Disk | Yandex | Disk | - | - | 2025-12-09 15:50:40 | Deep Dive |
| CVE-2025-63063 | WordPress Yandex.Metrica plugin <= 1.2.2 - Broken Access Control vulnerability | Yandex Metrika | Yandex.Metrica | Medium | 5.3 | 2025-12-09 14:52:34 | Deep Dive |
| CVE-2025-8608 | Mihdan: Elementor Yandex Maps <= 1.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Marker Pins | mihdan | Maps from Yandex for Elementor | Medium | 6.4 | 2025-09-30 03:35:32 | Deep Dive |
| CVE-2025-48352 | WordPress Yandex Site search pinger plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability | sitesearch-yandex | Yandex Site search pinger | Medium | 5.9 | 2025-08-28 12:37:05 | Deep Dive |
| CVE-2025-30930 | WordPress ACF: Yandex Maps Field plugin <= 1.1 - Cross Site Scripting (XSS) Vulnerability | Unreal Themes | ACF: Yandex Maps Field | Medium | 5.9 | 2025-06-06 12:54:19 | Deep Dive |
| CVE-2024-12168 | DLL Hijacking in Yandex Telemost | Yandex | Telemost | - | - | 2025-06-02 12:44:31 | Deep Dive |
| CVE-2023-26226 | A use after free memory corruption issue exists in Yandex Browser for Desktop prior to version 24.4.0.682 | Yandex | Browser | - | - | 2025-05-30 17:23:55 | Deep Dive |
| CVE-2021-25262 | Yandex Browser for Android prior to version 21.3.0 allows remote attackers to perform IDN homograph attack. | Yandex | Browser | - | - | 2025-05-21 07:07:29 | Deep Dive |
| CVE-2021-25255 | Yandex Browser Lite for Android prior to version 21.1.0 allows remote attackers to cause a denial of service. | Yandex | Browser Lite | - | - | 2025-05-21 07:04:02 | Deep Dive |
| CVE-2021-25254 | Yandex Browser Lite for Android before 21.1.0 allows remote attackers to spoof the address bar. | Yandex | Browser Lite | - | - | 2025-05-21 06:58:01 | Deep Dive |
| CVE-2024-6462 | DL Yandex Metrika <= 1.2 - Admin+ Stored XSS | Unknown | DL Yandex Metrika | - | - | 2025-05-15 20:07:07 | Deep Dive |
| CVE-2024-9378 | YML for Yandex Market <= 4.7.2 - Reflected Cross-Site Scripting | icopydoc | YML for Yandex Market | Medium | 6.1 | 2024-10-02 08:31:50 | Deep Dive |
| CVE-2024-6473 | DLL Hijacking in Yandex Browser | Yandex | Browser | - | - | 2024-09-03 10:35:59 | Deep Dive |
| CVE-2024-4411 | Mihdan: Yandex Turbo Feed <= 1.6.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | mihdan | Mihdan: Yandex Turbo Feed | Medium | 6.4 | 2024-05-09 20:03:31 | Deep Dive |
| CVE-2024-1365 | YML for Yandex Market <= 4.2.3 - Reflected Cross-Site Scripting | icopydoc | YML for Yandex Market | Medium | 6.1 | 2024-03-13 15:27:13 | Deep Dive |
| CVE-2023-26531 | WordPress 多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条 Plugin <= 4.2.7 is vulnerable to Cross Site Request Forgery (CSRF) | 闪电博 | 多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条 | Medium | 5.4 | 2023-11-12 23:58:58 | Deep Dive |