yahoo

Top products

The 15 most recently published vulnerabilities affecting yahoo.

• CVE-2026-34043Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects5.9Mar 31, 2026
• CVE-2022-24827SQL Injection in elide-datastore-aggregation8.1Apr 11, 2022
• CVE-2020-5289Read permissions not enforced for client provided filter expressions in Elide http client6.8Mar 30, 2020
• CVE-2019-6035Open redirect vulnerability in Athenz v1.8.24 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page.6.1Dec 26, 2019
• CVE-2019-16769Affected versions of serialize-javascript are vulnerable to Cross-site Scripting (XSS)4.2Dec 5, 2019
• CVE-2017-2253Untrusted search path vulnerability in Installer of Yahoo! Toolbar (for Internet explorer) v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55 allows an attacker to gain privi...7.8Jul 14, 2017
• CVE-2014-7216Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) shortcut...9.3Sep 11, 2015
• CVE-2014-5881The Yahoo! Japan Box (aka jp.co.yahoo.android.ybox) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and ...5.4Sep 11, 2014
• CVE-2013-6853Cross-site scripting (XSS) vulnerability in clickstream.js in Y! Toolbar plugin for FireFox 3.1.0.20130813024103 for Mac, and 2.5.9.2013418100420 for Windows, allows remote attackers to inject arbi...4.3Jan 26, 2014
• CVE-2013-6780Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via the allowedDo...4.3Nov 13, 2013
• CVE-2013-4700The Yahoo! Japan Shopping application 1.4 and earlier for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive...5.8Aug 21, 2013
• CVE-2013-4699The Yahoo! Japan Yafuoku! application 4.3.0 and earlier for iOS and Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain...5.8Aug 21, 2013
• CVE-2013-4942Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8,...4.3Jul 26, 2013
• CVE-2013-4941Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4....4.3Jul 26, 2013
• CVE-2013-4940Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2...4.3Jul 26, 2013