Known Vulnerabilities for products from Yahoo
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Yahoo".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-34043 | Serialize JavaScript to a superset of JSON that includes regular expressions and functions. Prior to version 7.0.5, there is ... | Not Provided | 2026-03-31 | 2026-04-03 |
| CVE-2025-53215 | Not Provided | 2025-08-28 | 2026-04-01 | |
| CVE-2025-25102 | Not Provided | 2025-03-03 | 2026-04-01 | |
| CVE-2024-53779 | Not Provided | 2024-12-02 | 2026-04-01 | |
| CVE-2019-6035 | Open redirect vulnerability in Athenz v1.8.24 and earlier allows remote attackers to redirect users to arbitrary web sites an... | 6.1 - MEDIUM | 2019-12-26 | 2020-01-04 |
| CVE-2017-2253 | Untrusted search path vulnerability in Installer of Yahoo! Toolbar (for Internet explorer) v8.0.0.6 and earlier, with its tim... | 7.8 - HIGH | 2017-07-17 | 2017-07-20 |
| CVE-2014-7216 | Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of ... | 9.3 - HIGH | 2015-09-11 | 2018-10-09 |
| CVE-2014-5881 | The Yahoo! Japan Box (aka jp.co.yahoo.android.ybox) application 1.5.1 for Android does not verify X.509 certificates from SSL... | 5.4 - MEDIUM | 2014-09-11 | 2015-12-18 |
| CVE-2013-6853 | Cross-site scripting (XSS) vulnerability in clickstream.js in Y! Toolbar plugin for FireFox 3.1.0.20130813024103 for Mac, and... | 4.3 - MEDIUM | 2014-01-26 | 2021-09-22 |
| CVE-2013-6780 | Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 2.5.0 through 2.9.0 allows r... | 4.3 - MEDIUM | 2013-11-13 | 2015-07-28 |
| CVE-2013-4942 | Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as... | 4.3 - MEDIUM | 2013-07-29 | 2020-12-01 |
| CVE-2013-4941 | Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used... | 4.3 - MEDIUM | 2013-07-29 | 2020-12-01 |
| CVE-2013-4940 | Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle throug... | 4.3 - MEDIUM | 2013-07-29 | 2020-12-01 |
| CVE-2013-4939 | Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in ... | 4.3 - MEDIUM | 2013-07-29 | 2023-11-07 |
| CVE-2013-4873 | The Yahoo! Tumblr app before 3.4.1 for iOS sends cleartext credentials, which allows remote attackers to obtain sensitive inf... | 5 - MEDIUM | 2013-07-18 | 2017-08-29 |
| CVE-2013-4700 | The Yahoo! Japan Shopping application 1.4 and earlier for Android does not verify X.509 certificates from SSL servers, which ... | 5.8 - MEDIUM | 2013-08-21 | 2014-03-05 |
| CVE-2013-4699 | The Yahoo! Japan Yafuoku! application 4.3.0 and earlier for iOS and Android does not verify X.509 certificates from SSL serve... | 5.8 - MEDIUM | 2013-08-21 | 2014-03-05 |
| CVE-2013-2316 | The Yahoo! Browser application 1.4.4 and earlier for Android allows remote attackers to spoof the address bar via vectors rel... | 5.8 - MEDIUM | 2013-06-03 | 2013-06-04 |
| CVE-2013-2307 | The Yahoo! Browser application before 1.4.3 for Android allows remote attackers to spoof the address bar via a crafted web si... | 5.8 - MEDIUM | 2013-04-26 | 2013-04-29 |
| CVE-2012-5883 | Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzill... | 4.3 - MEDIUM | 2012-11-16 | 2017-08-29 |
Known software with vulnerabilities from Yahoo
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Yahoo | Athenz | .1.7.47 |
| Application | Yahoo | Audio Conferencing Activex Control | - |
| Application | Yahoo | Autosync | 1.0.4.9 |
| Application | Yahoo | Desktop Login | 1.0.1 |
| Application | Yahoo | Japan Shopping | 1.4 |
| Application | Yahoo | Messenger | - |
| Application | Yahoo | Music Jukebox | - |
| Application | Yahoo | Pager | - |
| Application | Yahoo | Toolbar | - |
| Application | Yahoo | Tumblr | 3.4.0 |
| Application | Yahoo | Ui Library | - |
| Application | Yahoo | Widgets | - |
| Application | Yahoo | Yafuoku! | 4.3.0 |
| Application | Yahoo | Yahoo! Browser | 1.2.0 |
| Application | Yahoo | Yui | 2.4.0 |