All 5 CVE vulnerabilities found in YAFNET, with AI-generated Chinese analysis, references, and POCs.
Vendor: n/a
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-43937 | YAF.NET: Pre-Handler Authorization Bypass on Admin Pages Enabling Blind SQL Execution via `/Admin/RunSql` CWE-89 | 8.8 | High | 2026-05-12 |
| CVE-2026-43938 | YAF.NET: Unauthenticated Stored Second-Order XSS in Admin Event Log via Reflected `User-Agent` Header CWE-79 | 8.1 | High | 2026-05-12 |
| CVE-2026-43939 | YAF.NET: Stored XSS in Forum Thread Posts/Replies Allowing Arbitrary JavaScript Execution for All Thread Viewers CWE-79 | 7.3 | High | 2026-05-12 |
| CVE-2023-0650 | YAFNET Signature cross site scripting CWE-79 | 3.5 | Low | 2023-02-02 |
| CVE-2023-0549 | YAFNET Private Message PostPrivateMessage cross site scripting CWE-79 | 3.5 | Low | 2023-01-27 |
All 5 known CVE vulnerabilities affecting YAFNET with full Chinese analysis, references, and POCs where available.