Package impact
NuGet / YAFNET.Core
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-43937 | high | 8.8 | 8.8 | 16d ago | YAFNET: Pre-Handler Authorization Bypass on Admin Pages Enables Blind SQL Execution via `/Admin/RunSql` | |||
| CVE-2026-43938 | high | 8.1 | 8.1 | 16d ago | YAFNET has Unauthenticated Stored Second-Order XSS in Admin Event Log via Reflected `User-Agent` Header | |||
| CVE-2026-43939 | high | 7.3 | 7.3 | 16d ago | YAFNET has Stored XSS in Forum Thread Posts/Replies that Allows Arbitrary JavaScript Execution for All Thread Viewers |