MEIFP – Most Exploited Internet-Facing Products

yiiframework

Products: Yii

26.0

Score

CVEs

Active

PoC

KEV

#106

Rank

Period:

Product:

CVE ID	Published	CVSS	Exploit	KEV	AC	PR	Auto	Score(hover)	Affected Products	Description
CVE-2024-58136	2025-04-10	9.0v3.1	ACTIVE		High	None	no	26.0	Yii	Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025.

Each CVE: 10 pts base (Active only), boosted by:

KEV×2.0AC: Low×1.2PR: None×1.3PR: Low×1.1Auto×1.3