CVE-2025-5471

High CVSS: 7.3

Uncontrolled Search Path Element vulnerability in Yandex Telemost on MacOS allows Search Order Hijacking.This issue affects Telemost: before 2.19.1.

Vendor

Product

CWE

Yayın Tarihi

2025-12-09 16:17:59

Güncelleme

2026-02-19 17:03:17

Source Identifier

browser-security@yandex-team.ru

KEV Date Added

CWE-427 Yandex Telemost HIGH Yandex 2025

https://yandex.com/bugbounty/i/hall-of-fame-products

High

CVE-2024-12168

Yandex Telemost for Desktop before 2.7.0 has a DLL Hijacking Vulnerability because an untrusted search path is used.

High

CVE-2023-26226

A use after free memory corruption issue exists in Yandex Browser for Desktop prior to version 24.4.0.682

High

CVE-2021-25255

Yandex Browser Lite for Android prior to version 21.1.0 allows remote attackers to cause a denial of service.

Medium

CVE-2021-25262

Yandex Browser for Android prior to version 21.3.0 allows remote attackers to perform IDN homograph attack.

High

CVE-2021-25254

Yandex Browser Lite for Android before 21.1.0 allows remote attackers to spoof the address bar.