1022 matches found
GHSA-MCVP-RPGG-9273 DragonFly's tiny file download uses hard coded HTTP protocol
Impact The code in the scheduler for downloading a tiny file is hard coded to use the HTTP protocol, rather than HTTPS. This means that an attacker could perform a Man-in-the-Middle attack, changing the network request so that a different piece of data gets downloaded. Due to the use of weak...
CVE-2025-59410
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the code in the scheduler for downloading a tiny file is hard coded to use the HTTP protocol, rather than HTTPS. This means that an attacker could perform a Man-in-the-Middle attack, changing th...
CVE-2025-59410 Dragonfly tiny file download uses hard coded HTTP protocol
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the code in the scheduler for downloading a tiny file is hard coded to use the HTTP protocol, rather than HTTPS. This means that an attacker could perform a Man-in-the-Middle attack, changing th...
CVE-2025-59410 Dragonfly tiny file download uses hard coded HTTP protocol
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the code in the scheduler for downloading a tiny file is hard coded to use the HTTP protocol, rather than HTTPS. This means that an attacker could perform a Man-in-the-Middle attack, changing th...
CVE-2025-59410 Dragonfly tiny file download uses hard coded HTTP protocol
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the code in the scheduler for downloading a tiny file is hard coded to use the HTTP protocol, rather than HTTPS. This means that an attacker could perform a Man-in-the-Middle attack, changing th...
PT-2025-38274
Name of the Vulnerable Software and Affected Versions Dragonfly versions prior to 2.1.0 Description Dragonfly, an open source P2P-based file distribution and image acceleration system, is susceptible to a Man-in-the-Middle attack. The scheduler for downloading small files was configured to use th...
Improper Input Validation
Overview datahihi1/tiny-env is a simple environment variable loader for PHP applications Affected versions of this package are vulnerable to Improper Input Validation in the parsing of environment variable values. An attacker can cause applications to process unintended characters or comment text...
Improper Check or Handling of Exceptional Conditions
Overview datahihi1/tiny-env is a simple environment variable loader for PHP applications Affected versions of this package are vulnerable to Improper Check or Handling of Exceptional Conditions due to the loading of environment variables without requiring the .env file to exist. An attacker can...
Linux Distros Unpatched Vulnerability : CVE-2017-16896
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter. CVE-2017-16896 Note that Nessus...
Linux Distros Unpatched Vulnerability : CVE-2019-12495
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Tiny C Compiler aka TinyCC or TCC 0.9.27. Compiling a crafted source file leads to a one-byte out-of-bounds write in the gsymaddr...
Linux Distros Unpatched Vulnerability : CVE-2018-20375
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Tiny C Compiler aka TinyCC or TCC 0.9.27. Compiling a crafted source file leads to an 8 byte out of bounds write in the sympop functi...
Linux Distros Unpatched Vulnerability : CVE-2020-25788
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Tiny Tiny RSS aka tt-rss before 2020-09-16. imgproxy in plugins/afproxyhttp/init.php mishandles $REQUESTurl in an error message...
Linux Distros Unpatched Vulnerability : CVE-2020-25789
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Tiny Tiny RSS aka tt-rss before 2020-09-16. The cachedurl feature mishandles JavaScript inside an SVG document. CVE-2020-25789 Note...
Linux Distros Unpatched Vulnerability : CVE-2017-1000035
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attack CVE-2017-1000035 Note that Nessus relies on the presence of the package as reported by t...
Linux Distros Unpatched Vulnerability : CVE-2019-9754
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Tiny C Compiler aka TinyCC or TCC 0.9.27. Compiling a crafted source file leads to an 1 byte out of bounds write in the endmacro...
Linux Distros Unpatched Vulnerability : CVE-2018-20374
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Tiny C Compiler aka TinyCC or TCC 0.9.27. Compiling a crafted source file leads to an 8 byte out of bounds write in the usesection1...
Linux Distros Unpatched Vulnerability : CVE-2007-1959
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in the processcmdent function in command.cpp in TinyMUX before 2.4 has unknown impact and attack vectors, related to lack of the 'othe...
Cross-site Scripting (XSS)
Overview @mermaid-js/tiny is a Tiny version of mermaid Affected versions of this package are vulnerable to Cross-site Scripting XSS via the node labels which were introduced in 734bde3. An attacker can execute arbitrary JavaScript in the context of the application by injecting malicious HTML...
MAL-2025-36953 Malicious code in tiny-png (npm)
The package tiny-png was found to contain malicious code...
Malicious code in tiny-jpg (npm)
The package tiny-jpg was found to contain malicious code...