3498 matches found
TinyEnv: Inline comments not stripped properly in .env values
Impact TinyEnv did not properly strip inline comments inside .env values. This could lead to unexpected behavior or misconfiguration, where variables contain unintended characters including or comment text. Applications depending on strict environment values may expose logic errors, insecure...
CVE-2025-58759
TinyEnv is an environment variable loader for PHP applications. In versions 1.0.9 and 1.0.10, TinyEnv did not properly strip inline comments inside .env values. This could lead to unexpected behavior or misconfiguration, where variables contain unintended characters including or comment text...
CVE-2025-58759 TinyEnv: Inline comments not stripped properly in .env values
TinyEnv is an environment variable loader for PHP applications. In versions 1.0.9 and 1.0.10, TinyEnv did not properly strip inline comments inside .env values. This could lead to unexpected behavior or misconfiguration, where variables contain unintended characters including or comment text...
CVE-2025-58759
TinyEnv is a PHP environment variable loader affected in versions 1.0.9 and 1.0.10 where inline comments inside .env values are not stripped, allowing unintended characters and potential misconfigurations or authentication failures. Root cause: improper handling of inline comments during parsing....
CVE-2025-58759 TinyEnv: Inline comments not stripped properly in .env values
TinyEnv is an environment variable loader for PHP applications. In versions 1.0.9 and 1.0.10, TinyEnv did not properly strip inline comments inside .env values. This could lead to unexpected behavior or misconfiguration, where variables contain unintended characters including or comment text...
CVE-2025-58759 TinyEnv: Inline comments not stripped properly in .env values
TinyEnv is an environment variable loader for PHP applications. In versions 1.0.9 and 1.0.10, TinyEnv did not properly strip inline comments inside .env values. This could lead to unexpected behavior or misconfiguration, where variables contain unintended characters including or comment text...
Comments in display names are incorrectly handled in net/mail
...
Improper handling of HTML-like comments in script contexts in html/template
...
[SECURITY] Fedora 41 Update: exiv2-0.28.6-2.fc41
A command line utility to access image metadata, allowing one to: print the Exif metadata of Jpeg images as summary info, interpreted values, or the plain data for each tag print the Iptc metadata of Jpeg images print the Jpeg comment of Jpeg images set, add and delete Exif and Iptc metadata of...
Linux Distros Unpatched Vulnerability : CVE-2019-3850
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Links within assignment submission comments would open directly in the same...
Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.
...
A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.
...
Linux Distros Unpatched Vulnerability : CVE-2020-27662
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference IDOR vulnerability that allows an attacker to read data from any database table...
Linux Distros Unpatched Vulnerability : CVE-2013-2082
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not enforce capability requirements for reading blog comments, which...
[SECURITY] Fedora 42 Update: exiv2-0.28.6-2.fc42
A command line utility to access image metadata, allowing one to: print the Exif metadata of Jpeg images as summary info, interpreted values, or the plain data for each tag print the Iptc metadata of Jpeg images print the Jpeg comment of Jpeg images set, add and delete Exif and Iptc metadata of...
CVE-2025-48318
Cross-Site Request Forgery CSRF vulnerability in shen2 多说社会化评论框 duoshuo allows Cross Site Request Forgery.This issue affects 多说社会化评论框: from n/a through = 1.2...
Linux Distros Unpatched Vulnerability : CVE-2021-41165
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all...
Linux Distros Unpatched Vulnerability : CVE-2022-0489
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting with 8.15 . It was possible to trigger a DOS by using the math feature with a...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper filtering protected news archives. An attacker can access sensitive information by retrieving protected news items that are unintentionally included in the public RSS feed. Workaround This...
Linux Distros Unpatched Vulnerability : CVE-2024-23635
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to 1.7.5, there is a potential for a mutation XSS...