1017 matches found
EUVD-2025-51503
Malicious code in tiny-tan-falcon npm...
EUVD-2025-51507
Malicious code in tiny-amaranth-pigeon npm...
EUVD-2025-51506
Malicious code in tiny-aquamarine-hornet npm...
MAL-2025-71146 Malicious code in tiny-tan-falcon (npm)
Source: amazon-inspector 6f843901419c246b41964318f8192499b71fe4b80d89f5dd2f4fd00eea35c402. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-51505
Malicious code in tiny-red-chimpanzee npm...
EUVD-2025-57025
Malicious code in tinycockroachz3n npm...
CVE-2025-58186
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption...
CVE-2025-11502
The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'saswptinymultiplefaq' shortcode in all versions up to, and including, 1.51 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...
PT-2025-44708
Name of the Vulnerable Software and Affected Versions: Schema & Structured Data for WP & AMP plugin for WordPress versions through 1.51. Description: The Schema & Structured Data for WP & AMP plugin for WordPress has a Stored Cross-Site Scripting issue related to the 'saswp tiny multiple faq'...
AZL-69140 CVE-2025-58186 affecting package msft-golang 1.24.13-1
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption...
Division by zero
Overview: Affected versions of this package are vulnerable to Division by zero via the CLAHEImage function in MagickCore/enhance.c. An attacker can cause the process to crash or exhaust system resources by supplying crafted parameters or very small images that result in zero tile dimensions, leadi...
CVE-2025-62415 bagisto - Cross Site Scripting (XSS) in TinyMCE Image Upload (HTML)
Bagisto is an open source Laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges (e.g. admin) to upload a crafted HTML file containing embedded JavaScript. When viewed, the malicious code executes in the context of the...
Out-of-bounds Read
Overview: Affected versions of this package are vulnerable to Out-of-bounds Read via the jstypedarrayindexOf function when a negative floating-point fromIndex argument with extremely small magnitude is supplied. An attacker can access memory beyond the end of a typed array by providing a crafted...
Improper Input Validation
datahihi1/tiny-env is vulnerable to Improper Input Validation. The vulnerability is due to missing sanitization of characters, allowing attackers to inject comment text that can cause misconfigurations or authentication failures...
[SECURITY] Fedora 42 Update: rust-prometheus_exporter-0.8.5-5.fc42
Helper library to export prometheus metrics using tiny-http...
[SECURITY] Fedora 43 Update: rust-prometheus_exporter-0.8.5-5.fc43
Helper library to export prometheus metrics using tiny-http...
[SECURITY] Fedora 41 Update: rust-prometheus_exporter-0.8.5-5.fc41
Helper library to export prometheus metrics using tiny-http...
SUSE CVE-2025-58186
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption...
Melis Platform CMS SQL Injection
SQL injection vulnerability based on the melis-cms module of the Melis platform from Melis Technology. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'idPage' parameter in the '/melis/MelisCms/PageEdition/getTinyTemplates' endpoint...
GHSA-MRMX-JFW8-QHGV Melis Platform CMS SQL Injection
SQL injection vulnerability based on the melis-cms module of the Melis platform from Melis Technology. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'idPage' parameter in the '/melis/MelisCms/PageEdition/getTinyTemplates' endpoint...