CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1026 matches found

Prion•added 2020/09/19 9:15 p.m.•11 views

Code injection

An issue was discovered in Tiny Tiny RSS aka tt-rss before 2020-09-16. imgproxy in plugins/afproxyhttp/init.php mishandles $REQUEST"url" in an error message...

6.8CVSS7.9AI score0.00338EPSS

Exploits0References2Affected Software1

OSV•added 2020/09/19 9:15 p.m.•3 views

UBUNTU-CVE-2020-25788

An issue was discovered in Tiny Tiny RSS aka tt-rss before 2020-09-16. imgproxy in plugins/afproxyhttp/init.php mishandles $REQUEST"url" in an error message...

8.1CVSS7.3AI score0.00338EPSS

Exploits0References4

Cvelist•added 2020/09/19 8:18 p.m.•16 views

CVE-2020-25787

An issue was discovered in Tiny Tiny RSS aka tt-rss before 2020-09-16. It does not validate all URLs before requesting them...

9.5AI score0.15535EPSS

Exploits4References4

Debian CVE•added 2020/09/19 8:18 p.m.•20 views

CVE-2020-25787

An issue was discovered in Tiny Tiny RSS aka tt-rss before 2020-09-16. It does not validate all URLs before requesting them...

10CVSS9.5AI score0.15535EPSS

Exploits4

CVE•added 2020/09/19 8:18 p.m.•83 views

CVE-2020-25787

CVE-2020-25787 affects Tiny Tiny RSS (tt-rss) prior to 2020-09-16. The issue is that tt-rss does not validate all URLs before requesting them, enabling potential remote code execution as described by multiple sources. A number of connected documents provide concrete details: a known remote code e...

10CVSS9.3AI score0.15535EPSS

Exploits4References4Affected Software1

Debian CVE•added 2020/09/19 8:18 p.m.•14 views

CVE-2020-25788

An issue was discovered in Tiny Tiny RSS aka tt-rss before 2020-09-16. imgproxy in plugins/afproxyhttp/init.php mishandles $REQUEST"url" in an error message...

8.1CVSS8AI score0.00338EPSS

Exploits0

Cvelist•added 2020/09/19 8:18 p.m.•15 views

CVE-2020-25788

An issue was discovered in Tiny Tiny RSS aka tt-rss before 2020-09-16. imgproxy in plugins/afproxyhttp/init.php mishandles $REQUEST"url" in an error message...

8AI score0.00338EPSS

Exploits0References3

CVE•added 2020/09/19 8:18 p.m.•54 views

CVE-2020-25788

Tiny Tiny RSS (tt-rss) before 2020-09-16 contains a vulnerability in imgproxy (plugins/af_proxy_http/init.php) where $_REQUEST["url"] is mishandled in an error message. Root cause: improper handling of the URL parameter in error output. Impact indicators in the provided data show high severity (C...

8.1CVSS7.9AI score0.00338EPSS

Exploits0References3Affected Software1

CVE•added 2020/09/19 8:17 p.m.•50 views

CVE-2020-25789

CVE-2020-25789 concerns Tiny Tiny RSS (tt-rss) before 2020-09-16. The issue, described across connected sources, is that the cached_url feature mishandles JavaScript inside an SVG document. The available documents denote this as the root cause but do not provide explicit exploit paths, affected v...

6.1CVSS6.3AI score0.00264EPSS

Exploits0References3Affected Software1

Debian CVE•added 2020/09/19 8:17 p.m.•23 views

CVE-2020-25789

An issue was discovered in Tiny Tiny RSS aka tt-rss before 2020-09-16. The cachedurl feature mishandles JavaScript inside an SVG document...

6.1CVSS6.4AI score0.00264EPSS

Exploits0

Cvelist•added 2020/09/19 8:17 p.m.•15 views

CVE-2020-25789

An issue was discovered in Tiny Tiny RSS aka tt-rss before 2020-09-16. The cachedurl feature mishandles JavaScript inside an SVG document...

6.5AI score0.00264EPSS

Exploits0References3

Positive Technologies•added 2020/09/19 12:0 a.m.•3 views

PT-2020-16209

Name of the Vulnerable Software and Affected Versions Tiny Tiny RSS versions prior to 2020-09-16 Description An issue was discovered in the cached url feature, which mishandles JavaScript inside an SVG document. This issue affects Tiny Tiny RSS. Recommendations For versions prior to 2020-09-16,...

6.1CVSS6.9AI score0.00264EPSS

Exploits0References12

Positive Technologies•added 2020/09/19 12:0 a.m.•0 views

PT-2020-16207

Name of the Vulnerable Software and Affected Versions Tiny Tiny RSS tt-rss versions prior to 2020-09-16 Description The issue is related to the failure of Tiny Tiny RSS to validate all URLs before requesting them. This could potentially lead to unauthorized access or other security issues...

10CVSS6.6AI score0.15535EPSS

Exploits4References15

Positive Technologies•added 2020/09/19 12:0 a.m.•1 views

PT-2020-16208

Name of the Vulnerable Software and Affected Versions Tiny Tiny RSS versions prior to 2020-09-16 Description A problem was discovered in Tiny Tiny RSS where the imgproxy function in the plugins/af proxy http/init.php file mishandles the url variable in an error message. Recommendations For versio...

8.1CVSS6.6AI score0.00338EPSS

Exploits0References12

Veracode•added 2020/09/02 6:53 a.m.•11 views

Prototype Pollution

tiny-conf is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as proto, constructor and prototype...

9.8CVSS3.5AI score0.00386EPSS

Exploits1References2Affected Software1

vulnersOsv•added 2020/09/01 4:46 p.m.•1 views

reasy (>=1.0.0 <=1.5.1), reasy-pure (>=0.0.5 <=1.0.4) +1 more potentially affected by CVE-2017-16097 via tiny-http (>=1.2.2 <=2.0.8)

tiny-http NPM version =1.2.2, =1.0.0, =0.0.5, =1.1.0, =2.1.4 Source cves: CVE-2017-16097 Source advisory: OSV:GHSA-CCH6-5X4H-6QC5...

7.5CVSS7.1AI score0.00533EPSS

Exploits1

OSV•added 2020/09/01 4:46 p.m.•14 views

GHSA-CCH6-5X4H-6QC5 Directory Traversal in tiny-http

Affected versions of tiny-http resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system. Example...

7.5CVSS7.4AI score0.00533EPSS

Exploits1References3