
1022 matches found

OSV
added 2025/07/01 2:07 a.m. · 3 views

CVE-2024-49365 tiny-secp256k1 allows for verify() bypass when running in bundled environment

tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a malicious JSON-stringifyable message can be made passing on verify, when global Buffer is the buffer package. This affects only environments where require('buffer') is the NPM buffer package. Buffer.isBuffer check can b...

CVSS 9.1 · AI score 7 · EPSS 0.0021
Exploits 0 · References 4
Cvelist
added 2025/07/01 2:07 a.m. · 7 views

CVE-2024-49365 tiny-secp256k1 allows for verify() bypass when running in bundled environment

tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a malicious JSON-stringifyable message can be made passing on verify, when global Buffer is the buffer package. This affects only environments where require('buffer') is the NPM buffer package. Buffer.isBuffer check can b...

CVSS 9.1 · EPSS 0.0021
Exploits 0 · References 2
CNNVD
added 2025/07/01 12:00 a.m. · 3 views

tiny-secp256k1 security vulnerability

tiny-secp256k1 is a wrapper for bitcoinjs open source. A security vulnerability exists in tiny-secp256k1 versions prior to 1.1.7, which stems from the potential disclosure of a private key when signing a malicious JSON stringable object, potentially leading to private key extraction...

CVSS 9.1 · AI score 6.3 · EPSS 0.00323
Exploits 0 · References 3
CNNVD
added 2025/07/01 12:00 a.m. · 1 view

tiny-secp256k1 security vulnerability

tiny-secp256k1 is a wrapper for bitcoinjs open source. A security vulnerability exists in tiny-secp256k1 versions prior to 1.1.7 that stems from a possible bypass of checks when validating malicious JSON stringable messages, which could lead to false validation results...

CVSS 9.1 · AI score 6.3 · EPSS 0.0021
Exploits 0 · References 3
Github Security Blog
added 2025/06/30 5:44 p.m. · 8 views

tiny-secp256k1 allows for verify() bypass when running in bundled environment

Summary: A malicious JSON-stringifyable message can be made passing on verify, when global Buffer is the buffer package. Details: This affects only environments where require('buffer') is the NPM buffer package, e.g. browser bundles, React Native apps, etc. Buffer.isBuffer check can be bypassed, resulting in strange objects bei...

CVSS 9.1 · AI score 6.9 · EPSS 0.0021
Exploits 0 · References 4 · Affected Software 1
OSV
added 2025/06/30 5:44 p.m. · 0 views

GHSA-5VHG-9XG4-CV9M tiny-secp256k1 allows for verify() bypass when running in bundled environment

Summary: A malicious JSON-stringifyable message can be made passing on verify, when global Buffer is the buffer package. Details: This affects only environments where require('buffer') is the NPM buffer package, e.g. browser bundles, React Native apps, etc. Buffer.isBuffer check can be bypassed, resulting in strange objects bei...

CVSS 9.1 · AI score 5.9 · EPSS 0.0021
Exploits 0 · References 4
OSV
added 2025/06/30 5:43 p.m. · 1 view

GHSA-7MC2-6PHR-23XC tiny-secp256k1 vulnerable to private key extraction when signing a malicious JSON-stringifyable message in bundled environment

Summary: Private key can be extracted on signing a malicious JSON-stringifiable object, when global Buffer is the buffer package. Details: This affects only environments where require('buffer') is the NPM buffer package, e.g. browser bundles, React Native apps, etc. Buffer.isBuffer check can be bypassed, resulting in k reuse fo...

CVSS 9.1 · AI score 5.7 · EPSS 0.00323
Exploits 0 · References 4
Positive Technologies
added 2025/06/30 12:00 a.m. · 3 views

PT-2025-27492 · Unknown · Tiny-Secp256K1

Name of the Vulnerable Software and Affected Versions: tiny-secp256k1 versions prior to 1.1.7 Description: A private key can be extracted when signing a malicious JSON-stringifiable object, affecting environments where the global Buffer is the buffer package. The Buffer.isBuffer check can be...

CVSS 9.1 · AI score 7.4 · EPSS 0.00323
Exploits 0 · References 8
Positive Technologies
added 2025/06/30 12:00 a.m. · 3 views

PT-2025-27493 · Unknown · Tiny-Secp256K1

Name of the Vulnerable Software and Affected Versions: tiny-secp256k1 versions prior to 1.1.7 Description: A malicious JSON-stringifyable message can be made to bypass the Buffer.isBuffer check, resulting in strange objects being accepted as a message. This can trick the verify function into...

CVSS 9.1 · AI score 7.5 · EPSS 0.0021
Exploits 0 · References 8
OSSF Malicious Packages
added 2025/06/10 5:12 a.m. · 2 views

Malicious code in server-tiny-log (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8340f02ed93f95eece2017d2788917631ff5e62a3c2b04408288113576747a77 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 · References 1
OSV
added 2025/06/10 5:12 a.m. · 1 view

MAL-2025-4883 Malicious code in server-tiny-log (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8340f02ed93f95eece2017d2788917631ff5e62a3c2b04408288113576747a77 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 8:14 a.m. · 2 views

CVE-2024-47635

Cross-Site Request Forgery (CSRF) vulnerability in TinyPNG TinyPNG tiny-compress-images allows Cross Site Request Forgery. This issue affects TinyPNG: from n/a through = 3.4.3...

CVSS 5.4 · AI score 5.9 · EPSS 0.00111
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 7:28 a.m. · 4 views

CVE-2024-57435

In macrozheng mall-tiny 1.0.1, an attacker can send null data through the resource creation interface resulting in a null pointer dereference occurring in all subsequent operations that require authentication, which triggers a denial-of-service attack and service restart failure...

CVSS 6.5 · AI score 6.9 · EPSS 0.00214
Exploits 1 · References 1
RedhatCVE
added 2025/05/23 7:11 a.m. · 4 views

CVE-2024-57432

macrozheng mall-tiny 1.0.1 suffers from Insecure Permissions. The application's JWT signing keys are hardcoded and do not change. User information is explicitly written into the JWT and used for subsequent privilege management, making it possible to forge the JWT of any user to achieve...

CVSS 7.5 · AI score 7 · EPSS 0.00121
Exploits 1 · References 1
RedhatCVE
added 2025/05/23 4:54 a.m. · 7 views

CVE-2023-24418

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Tiny carousel horizontal slider plus plugin = 3.2 versions...

CVSS 5.9 · AI score 5.6 · EPSS 0.00298
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 1:18 a.m. · 9 views

CVE-2022-30274

The Motorola ACE1000 RTU through 2022-05-02 uses ECB encryption unsafely. It can communicate with an XRT LAN-to-radio gateway by means of an embedded client. Credentials for accessing this gateway are stored after being encrypted with the Tiny Encryption Algorithm (TEA) in ECB mode using a hardcode...

CVSS 9.8 · AI score 6.9 · EPSS 0.00174
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 12:51 a.m. · 5 views

CVE-2022-45475

Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to access the application's internal files. This is possible because the application is vulnerable to broken access control...

CVSS 6.5 · AI score 7.1 · EPSS 0.00928
Exploits 1 · References 1
RedhatCVE
added 2025/05/23 12:51 a.m. · 6 views

CVE-2022-45476

Tiny File Manager version 2.4.8 executes the code of files uploaded by users of the application, instead of just returning them for download. This is possible because the application is vulnerable to insecure file upload...

CVSS 9.8 · AI score 7.1 · EPSS 0.00952
Exploits 1 · References 1
Positive Technologies
added 2025/05/23 12:00 a.m. · 6 views

PT-2025-22818 · Unknown · Tiny File Manager

Name of the Vulnerable Software and Affected Versions: TinyFileManager version 2.4.7 Description: A stored cross-site scripting (XSS) issue in the /tinyfilemanager.php component allows attackers to execute arbitrary JavaScript or HTML by injecting a crafted payload into the js-theme-3 parameter. Th...

CVSS 6.1 · AI score 5.7 · EPSS 0.00181
Exploits 2 · References 7
RedhatCVE
added 2025/05/22 10:04 p.m. · 3 views

CVE-2022-30273

The Motorola MDLC protocol through 2022-05-02 mishandles message integrity. It supports three security modes: Plain, Legacy Encryption, and New Encryption. In Legacy Encryption mode, traffic is encrypted via the Tiny Encryption Algorithm (TEA) block cipher in ECB mode. This mode of operation does n...

CVSS 9.8 · AI score 7 · EPSS 0.00051
Exploits 0 · References 1