Browse all 5 CVE security advisories affecting Yooooomi. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Yooooomi operates as a cloud-based collaboration platform primarily serving remote teams with document sharing and real-time communication features. Historically, the application has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, as evidenced by its five recorded CVEs. Security researchers have identified authentication bypass weaknesses and insufficient input validation as recurring concerns. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities in web application components suggests potential risks for organizations relying on the platform for sensitive operations.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-28193 | Disclosure of Spotify API Access Tokens to Guest Users Using Public Tokens in your_spotify — your_spotifyCWE-200 | 6.5 | Medium | 2024-03-13 |
| CVE-2024-28192 | NoSQL Injection Leading to Authentication Bypass in your_spotify — your_spotifyCWE-943 | 5.3 | Medium | 2024-03-13 |
| CVE-2024-28194 | Authentication Bypass Because of Hardcoded JWT Secret in your_spotify — your_spotifyCWE-798 | 9.1 | Critical | 2024-03-13 |
| CVE-2024-28195 | Cross-Site Request Forgery (CSRF) vulnerability in API and login in your_spotify — your_spotifyCWE-352 | 8.1 | High | 2024-03-13 |
| CVE-2024-28196 | Clickjacking in your_spotify — your_spotifyCWE-1021 | 6.5 | Medium | 2024-03-13 |
This page lists every published CVE security advisory associated with Yooooomi. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.