2118 matches found
CVE-2025-58759
TinyEnv is an environment variable loader for PHP applications. In versions 1.0.9 and 1.0.10, TinyEnv did not properly strip inline comments inside .env values. This could lead to unexpected behavior or misconfiguration, where variables contain unintended characters including or comment text...
Linux Distros Unpatched Vulnerability : CVE-2010-3818
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote...
Linux Distros Unpatched Vulnerability : CVE-2021-23422
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This affects the package bikeshed before 3.0.0. This can occur when an untrusted source file containing Inline Tag Command metadata is processed. When an...
Linux Distros Unpatched Vulnerability : CVE-2022-22891
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Jerryscript 3.0.0 was discovered to contain a SEGV vulnerability via ecmarefobjectinline in /jerry- core/ecma/base/ecma-gc.c. CVE-2022-22891 Note that Nessus...
Improper Input Validation
Overview datahihi1/tiny-env is a simple environment variable loader for PHP applications Affected versions of this package are vulnerable to Improper Input Validation in the parsing of environment variable values. An attacker can cause applications to process unintended characters or comment text...
TinyEnv: Inline comments not stripped properly in .env values
Impact TinyEnv did not properly strip inline comments inside .env values. This could lead to unexpected behavior or misconfiguration, where variables contain unintended characters including or comment text. Applications depending on strict environment values may expose logic errors, insecure...
GHSA-72CM-7236-H43R TinyEnv: Inline comments not stripped properly in .env values
Impact TinyEnv did not properly strip inline comments inside .env values. This could lead to unexpected behavior or misconfiguration, where variables contain unintended characters including or comment text. Applications depending on strict environment values may expose logic errors, insecure...
CVE-2025-58765
Wabac.js (service-worker based web archive replay) has a Reflected XSS in 404 error handling, where the requestURL parameter is embedded into an inline script without sanitization. Affected: wabac.js
CVE-2025-58765 wabac.js has XSS vulnerability in 404 error handling logic
wabac.js provides a full web archive replay system, or 'wayback machine', using Service Workers. A Reflected Cross-Site Scripting XSS vulnerability exists in the 404 error handling logic of wabac.js v2.23.10 and below. The parameter requestURL derived from the original request target is directly...
CVE-2025-58759
TinyEnv is an environment variable loader for PHP applications. In versions 1.0.9 and 1.0.10, TinyEnv did not properly strip inline comments inside .env values. This could lead to unexpected behavior or misconfiguration, where variables contain unintended characters including or comment text...
CVE-2025-58759 TinyEnv: Inline comments not stripped properly in .env values
TinyEnv is an environment variable loader for PHP applications. In versions 1.0.9 and 1.0.10, TinyEnv did not properly strip inline comments inside .env values. This could lead to unexpected behavior or misconfiguration, where variables contain unintended characters including or comment text...
CVE-2025-58759 TinyEnv: Inline comments not stripped properly in .env values
TinyEnv is an environment variable loader for PHP applications. In versions 1.0.9 and 1.0.10, TinyEnv did not properly strip inline comments inside .env values. This could lead to unexpected behavior or misconfiguration, where variables contain unintended characters including or comment text...
CVE-2025-58759
TinyEnv is a PHP environment variable loader affected in versions 1.0.9 and 1.0.10 where inline comments inside .env values are not stripped, allowing unintended characters and potential misconfigurations or authentication failures. Root cause: improper handling of inline comments during parsing....
CVE-2025-58759 TinyEnv: Inline comments not stripped properly in .env values
TinyEnv is an environment variable loader for PHP applications. In versions 1.0.9 and 1.0.10, TinyEnv did not properly strip inline comments inside .env values. This could lead to unexpected behavior or misconfiguration, where variables contain unintended characters including or comment text...
TinyEnv 输入验证错误漏洞
TinyEnv is an environment variable loader for the Dat Duy Personal Developer. An input validation error vulnerability exists in TinyEnv versions 1.0.9 and 1.0.10, which stems from improper handling of inline annotations and can lead to configuration errors...
ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr
...
Linux Distros Unpatched Vulnerability : CVE-2025-38701
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ext4: do not BUG when INLINEDATAFL lacks system.data xattr A syzbot fuzzed image triggered a BUGON in ext4updateinlinedata when an inode had the INLINEDATAFL fl...
MAL-2025-44701 Malicious code in inline-dep (npm)
The package inline-dep was found to contain malicious code...
SUSE CVE-2025-38701
In the Linux kernel, the following vulnerability has been resolved: ext4: do not BUG when INLINEDATAFL lacks system.data xattr A syzbot fuzzed image triggered a BUGON in ext4updateinlinedata when an inode had the INLINEDATAFL flag set but was missing the system.data extended attribute. Since this...
CVE-2025-38701
In the Linux kernel, the following vulnerability has been resolved: ext4: do not BUG when INLINEDATAFL lacks system.data xattr A syzbot fuzzed image triggered a BUGON in ext4updateinlinedata when an inode had the INLINEDATAFL flag set but was missing the system.data extended attribute. Since this...