Every CVE whose affected-product data names Yellowfinbi Yellowfin, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2021-36388 — CVSS 7.5 (high): In Yellowfin before 9.6.1 it is possible to enumerate and download users profile pictures through an Insecure Direct Object Reference…
CVE-2021-36389 — CVSS 7.5 (high): In Yellowfin before 9.6.1 it is possible to enumerate and download uploaded images through an Insecure Direct Object Reference…
CVE-2021-36387 — CVSS 5.4 (medium): In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulnerability in the video embed functionality exploitable through a…