Browse all 4 CVE security advisories affecting yahoo. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Yahoo operates as a web services provider offering email, news, and search functionality. Historically, the platform has been susceptible to cross-site scripting (XSS), remote code execution (RCE), and privilege escalation vulnerabilities, often stemming from input validation flaws and insecure authentication mechanisms. Notable security incidents include the 2013 data breach affecting 3 billion accounts and the 2014 revelation of a separate breach exposing 500 million user records. These incidents highlight systemic security weaknesses in access controls and data protection practices. Despite mitigation efforts, the platform continues to experience vulnerabilities, with four CVEs currently documented, underscoring persistent security challenges in maintaining robust defenses across its extensive user base and service infrastructure.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-34043 | Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects — serialize-javascriptCWE-400 | 5.9 | Medium | 2026-03-31 |
| CVE-2019-16769 | Affected versions of serialize-javascript are vulnerable to Cross-site Scripting (XSS) — serialize-javascriptCWE-79 | 4.2 | Medium | 2019-12-05 |
This page lists every published CVE security advisory associated with yahoo. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.