3502 matches found

RedhatCVE
added 2025/09/11 8:27 p.m. | 2 views

CVE-2025-58759

TinyEnv is an environment variable loader for PHP applications. In versions 1.0.9 and 1.0.10, TinyEnv did not properly strip inline comments inside .env values. This could lead to unexpected behavior or misconfiguration, where variables contain unintended characters including or comment text...

5.1 CVSS | 6.8 AI score | 0.00194 EPSS
Exploits 0 | References 1
Tenable Nessus
added 2025/09/10 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-23792

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When adding attachments to ticket comments, another user can add attachments as well impersonating the original user. The attack requires a logged-in other user ...

6.5 CVSS | 6.5 AI score | 0.00345 EPSS
Exploits 0 | References 2
Snyk
added 2025/09/09 9:1 p.m. | 1 view

Improper Input Validation

Overview: datahihi1/tiny-env is a simple environment variable loader for PHP applications. Affected versions of this package are vulnerable to Improper Input Validation in the parsing of environment variable values. An attacker can cause applications to process unintended characters or comment text...

6.5 CVSS | 6.8 AI score | 0.00194 EPSS
Exploits 0 | References 2
Github Security Blog
added 2025/09/09 9:1 p.m. | 6 views

TinyEnv: Inline comments not stripped properly in .env values

Impact: TinyEnv did not properly strip inline comments inside .env values. This could lead to unexpected behavior or misconfiguration, where variables contain unintended characters including or comment text. Applications depending on strict environment values may expose logic errors, insecure...

6.5 CVSS | 6.9 AI score | 0.00194 EPSS
Exploits 0 | References 4 | Affected Software 1
OSV
added 2025/09/09 9:1 p.m. | 1 view

GHSA-72CM-7236-H43R TinyEnv: Inline comments not stripped properly in .env values

Impact: TinyEnv did not properly strip inline comments inside .env values. This could lead to unexpected behavior or misconfiguration, where variables contain unintended characters including or comment text. Applications depending on strict environment values may expose logic errors, insecure...

5.1 CVSS | 6.9 AI score | 0.00194 EPSS
Exploits 0 | References 4
NVD
added 2025/09/09 8:15 p.m. | 2 views

CVE-2025-58759

TinyEnv is an environment variable loader for PHP applications. In versions 1.0.9 and 1.0.10, TinyEnv did not properly strip inline comments inside .env values. This could lead to unexpected behavior or misconfiguration, where variables contain unintended characters including or comment text...

6.5 CVSS | 0.00194 EPSS
Exploits 0 | References 1
Vulnrichment
added 2025/09/09 7:52 p.m. | 1 view

CVE-2025-58759 TinyEnv: Inline comments not stripped properly in .env values

TinyEnv is an environment variable loader for PHP applications. In versions 1.0.9 and 1.0.10, TinyEnv did not properly strip inline comments inside .env values. This could lead to unexpected behavior or misconfiguration, where variables contain unintended characters including or comment text...

5.1 CVSS | 6.4 AI score | 0.00194 EPSS
Exploits 0 | References 1
CVE
added 2025/09/09 7:52 p.m. | 9 views

CVE-2025-58759

TinyEnv is a PHP environment variable loader affected in versions 1.0.9 and 1.0.10 where inline comments inside .env values are not stripped, allowing unintended characters and potential misconfigurations or authentication failures. Root cause: improper handling of inline comments during parsing....

6.5 CVSS | 6.4 AI score | 0.00194 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2025/09/09 7:52 p.m. | 5 views

CVE-2025-58759 TinyEnv: Inline comments not stripped properly in .env values

TinyEnv is an environment variable loader for PHP applications. In versions 1.0.9 and 1.0.10, TinyEnv did not properly strip inline comments inside .env values. This could lead to unexpected behavior or misconfiguration, where variables contain unintended characters including or comment text...

5.1 CVSS | 0.00194 EPSS
Exploits 0 | References 1
OSV
added 2025/09/09 7:52 p.m. | 2 views

CVE-2025-58759 TinyEnv: Inline comments not stripped properly in .env values

TinyEnv is an environment variable loader for PHP applications. In versions 1.0.9 and 1.0.10, TinyEnv did not properly strip inline comments inside .env values. This could lead to unexpected behavior or misconfiguration, where variables contain unintended characters including or comment text...

5.1 CVSS | 6.6 AI score | 0.00194 EPSS
Exploits 0 | References 3
Microsoft CVE
added 2025/09/04 6:48 a.m. | 2 views

Comments in display names are incorrectly handled in net/mail

...

7.5 CVSS | 7 AI score | 0.01042 EPSS
Exploits 0
Microsoft CVE
added 2025/09/04 6:18 a.m. | 2 views

Improper handling of HTML-like comments in script contexts in html/template

...

6.1 CVSS | 9.3 AI score | 0.00808 EPSS
Exploits 0
Fedora
added 2025/09/04 1:28 a.m. | 6 views

[SECURITY] Fedora 41 Update: exiv2-0.28.6-2.fc41

A command line utility to access image metadata, allowing one to: print the Exif metadata of Jpeg images as summary info, interpreted values, or the plain data for each tag; print the Iptc metadata of Jpeg images; print the Jpeg comment of Jpeg images; set, add and delete Exif and Iptc metadata of...

5.5 CVSS | 7.1 AI score | 0.00226 EPSS
Exploits 1
Tenable Nessus
added 2025/09/04 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2019-3850

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Links within assignment submission comments would open directly in the same...

6.1 CVSS | 5.4 AI score | 0.0082 EPSS
Exploits 0 | References 2
Microsoft CVE
added 2025/09/03 10:0 p.m. | 5 views

Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.

...

9.8 CVSS | 7 AI score | 0.01421 EPSS
Exploits 0
Microsoft CVE
added 2025/09/03 9:19 p.m. | 3 views

A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags; p or br in allowed tags; style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags; the keyword argument strip_comments=False. Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.

...

6.1 CVSS | 7 AI score | 0.00483 EPSS
Exploits 1
Tenable Nessus
added 2025/09/03 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2013-2082

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not enforce capability requirements for reading blog comments, which...

5 CVSS | 5.5 AI score | 0.02372 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2025/09/03 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2020-27662

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any database table...

4.3 CVSS | 5.7 AI score | 0.00685 EPSS
Exploits 0 | References 2
Fedora
added 2025/09/01 12:51 a.m. | 7 views

[SECURITY] Fedora 42 Update: exiv2-0.28.6-2.fc42

A command line utility to access image metadata, allowing one to: print the Exif metadata of Jpeg images as summary info, interpreted values, or the plain data for each tag; print the Iptc metadata of Jpeg images; print the Jpeg comment of Jpeg images; set, add and delete Exif and Iptc metadata of...

5.5 CVSS | 7.1 AI score | 0.00226 EPSS
Exploits 1
RedhatCVE
added 2025/08/30 6:19 p.m. | 2 views

CVE-2025-48318

Cross-Site Request Forgery (CSRF) vulnerability in shen2 多说社会化评论框 duoshuo allows Cross Site Request Forgery. This issue affects 多说社会化评论框: from n/a through = 1.2...

4.3 CVSS | 5.9 AI score | 0.00131 EPSS
Exploits 0 | References 1