Known Vulnerabilities for products from Yahoo
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Yahoo".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-34043 json | Serialize JavaScript to a superset of JSON that includes regular expressions and functions. Prior to version 7.0.5, there is ... | Not Provided | 2026-03-31 | 2026-04-03 |
| CVE-2025-53215 json | Not Provided | 2025-08-28 | 2026-04-23 | |
| CVE-2025-25102 json | Not Provided | 2025-03-03 | 2026-04-23 | |
| CVE-2024-53779 json | Not Provided | 2024-12-02 | 2026-04-23 | |
| CVE-2019-6035 json | Open redirect vulnerability in Athenz v1.8.24 and earlier allows remote attackers to redirect users to arbitrary web sites an... | 6.1 - MEDIUM | 2019-12-26 | 2020-01-04 |
| CVE-2017-2253 json | Untrusted search path vulnerability in Installer of Yahoo! Toolbar (for Internet explorer) v8.0.0.6 and earlier, with its tim... | 7.8 - HIGH | 2017-07-17 | 2017-07-20 |
| CVE-2014-7216 json | Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of ... | Not Provided | 2015-09-11 | 2026-05-06 |
| CVE-2014-5881 json | The Yahoo! Japan Box (aka jp.co.yahoo.android.ybox) application 1.5.1 for Android does not verify X.509 certificates from SSL... | Not Provided | 2014-09-11 | 2026-05-06 |
| CVE-2013-6853 json | Cross-site scripting (XSS) vulnerability in clickstream.js in Y! Toolbar plugin for FireFox 3.1.0.20130813024103 for Mac, and... | Not Provided | 2014-01-26 | 2026-04-29 |
| CVE-2013-6780 json | Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 2.5.0 through 2.9.0 allows r... | Not Provided | 2013-11-13 | 2026-04-29 |
| CVE-2013-4942 json | Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as... | Not Provided | 2013-07-29 | 2026-04-29 |
| CVE-2013-4941 json | Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used... | Not Provided | 2013-07-29 | 2026-04-29 |
| CVE-2013-4940 json | Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle throug... | Not Provided | 2013-07-29 | 2026-04-29 |
| CVE-2013-4939 json | Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in ... | Not Provided | 2013-07-29 | 2026-04-29 |
| CVE-2013-4873 json | The Yahoo! Tumblr app before 3.4.1 for iOS sends cleartext credentials, which allows remote attackers to obtain sensitive inf... | Not Provided | 2013-07-18 | 2026-04-29 |
| CVE-2013-4700 json | The Yahoo! Japan Shopping application 1.4 and earlier for Android does not verify X.509 certificates from SSL servers, which ... | Not Provided | 2013-08-21 | 2026-04-29 |
| CVE-2013-4699 json | The Yahoo! Japan Yafuoku! application 4.3.0 and earlier for iOS and Android does not verify X.509 certificates from SSL serve... | Not Provided | 2013-08-21 | 2026-04-29 |
| CVE-2013-2316 json | The Yahoo! Browser application 1.4.4 and earlier for Android allows remote attackers to spoof the address bar via vectors rel... | Not Provided | 2013-06-03 | 2026-04-29 |
| CVE-2013-2307 json | The Yahoo! Browser application before 1.4.3 for Android allows remote attackers to spoof the address bar via a crafted web si... | Not Provided | 2013-04-26 | 2026-04-29 |
| CVE-2012-5883 json | Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzill... | Not Provided | 2012-11-16 | 2026-04-29 |
Known software with vulnerabilities from Yahoo
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Yahoo | Athenz | .1.7.47 |
| Application | Yahoo | Audio Conferencing Activex Control | - |
| Application | Yahoo | Autosync | 1.0.4.9 |
| Application | Yahoo | Desktop Login | 1.0.1 |
| Application | Yahoo | Japan Shopping | 1.4 |
| Application | Yahoo | Messenger | - |
| Application | Yahoo | Music Jukebox | - |
| Application | Yahoo | Pager | - |
| Application | Yahoo | Toolbar | - |
| Application | Yahoo | Tumblr | 3.4.0 |
| Application | Yahoo | Ui Library | - |
| Application | Yahoo | Widgets | - |
| Application | Yahoo | Yafuoku! | 4.3.0 |
| Application | Yahoo | Yahoo! Browser | 1.2.0 |
| Application | Yahoo | Yui | 2.4.0 |