Every CVE whose affected-product data names Yiovo Firefly Mall, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2025-56161 — CVSS 7.5 (high): YOSHOP 2.0 allows unauthenticated information disclosure via comment-list API endpoints in the Goods module. The Comment model eagerly…
CVE-2025-56162 — CVSS 6.5 (medium): YOSHOP 2.0 suffers from an unauthenticated SQL injection in the goodsIds parameter of the /api/goods/listByIds endpoint. The getListByIds…