Lucene search
K

14 matches found

Github Security Blog
Github Security Blog
added 2025/09/09 9:1 p.m.7 views

TinyEnv: Inline comments not stripped properly in .env values

Impact TinyEnv did not properly strip inline comments inside .env values. This could lead to unexpected behavior or misconfiguration, where variables contain unintended characters including or comment text. Applications depending on strict environment values may expose logic errors, insecure...

6.5CVSS6.9AI score0.00194EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/09/09 8:59 p.m.4 views

GHSA-3J7M-5G4Q-GFPC TinyEnv: Missing .env file not required — may cause unexpected behavior

Impact TinyEnv did not require the .env file to exist when loading environment variables. This could lead to unexpected behavior where the application silently ignores missing configuration, potentially causing insecure defaults or deployment misconfigurations. Affected versions: - 1.0.1 → 1.0.2 ...

5.1CVSS6.7AI score0.00173EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/09/09 8:59 p.m.6 views

TinyEnv: Missing .env file not required — may cause unexpected behavior

Impact TinyEnv did not require the .env file to exist when loading environment variables. This could lead to unexpected behavior where the application silently ignores missing configuration, potentially causing insecure defaults or deployment misconfigurations. Affected versions: - 1.0.1 → 1.0.2 ...

7.3CVSS6.8AI score0.00173EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2025/09/09 7:52 p.m.2 views

CVE-2025-58759 TinyEnv: Inline comments not stripped properly in .env values

TinyEnv is an environment variable loader for PHP applications. In versions 1.0.9 and 1.0.10, TinyEnv did not properly strip inline comments inside .env values. This could lead to unexpected behavior or misconfiguration, where variables contain unintended characters including or comment text...

5.1CVSS6.4AI score0.00194EPSS
Exploits0References1
OSV
OSV
added 2025/09/09 7:50 p.m.5 views

CVE-2025-58758 TinyEnv: Missing .env file not required — may cause unexpected behavior

TinyEnv is an environment variable loader for PHP applications. In versions 1.0.1, 1.0.2, 1.0.9, and 1.0.10, TinyEnv did not require the .env file to exist when loading environment variables. This could lead to unexpected behavior where the application silently ignores missing configuration,...

5.1CVSS6.5AI score0.00173EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/09/09 12:0 a.m.9 views

PT-2025-36952

Name of the Vulnerable Software and Affected Versions: TinyEnv versions 1.0.1 through 1.0.2 TinyEnv versions 1.0.9 through 1.0.10 Description: TinyEnv did not require the .env file to exist when loading environment variables. This could lead to unexpected behavior where the application silently...

5.1CVSS6.3AI score0.00173EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2023/01/29 12:0 a.m.2 views

PT-2023-1848 · Libde265 +4 · Libde265 +4

Name of the Vulnerable Software and Affected Versions: libde265 version 1.0.10 Description: The issue is related to a NULL pointer dereference in the ff hevc put weighted pred avg 8 sse function at sse-motion.cc. This allows attackers to cause a Denial of Service DoS via a crafted input file. The...

9.8CVSS6.5AI score0.0202EPSS
Exploits46References184
Positive Technologies
Positive Technologies
added 2023/01/29 12:0 a.m.5 views

PT-2023-1852 · Libde265 +4 · Libde265 +4

Name of the Vulnerable Software and Affected Versions: libde265 version 1.0.10 Description: The issue is related to a NULL pointer dereference in the put weighted pred 8 fallback function at fallback-motion.cc. This allows attackers to cause a Denial of Service DoS via a crafted input file...

9.8CVSS6.5AI score0.0202EPSS
Exploits46References184
Positive Technologies
Positive Technologies
added 2023/01/28 12:0 a.m.4 views

PT-2023-1846 · Libde265 +4 · Libde265 +4

Name of the Vulnerable Software and Affected Versions: libde265 version 1.0.10 Description: The issue is related to a NULL pointer dereference in the mc chroma function at motion.cc in the libde265 video codec implementation. This allows an attacker to cause a Denial of Service DoS via a crafted...

9.8CVSS6.3AI score0.0202EPSS
Exploits46References182
Positive Technologies
Positive Technologies
added 2022/10/10 12:0 a.m.3 views

PT-2022-7259 · Libde265 +3 · Libde265 +3

Name of the Vulnerable Software and Affected Versions: Libde265 version 1.0.8 Description: The issue is related to the ff hevc put hevc qpel v 3 8 sse function in the Libde265 video codec implementation, which is associated with a buffer overflow in memory. This allows attackers to cause a Denial...

9.8CVSS6.8AI score0.0202EPSS
Exploits46References204
Positive Technologies
Positive Technologies
added 2022/10/10 12:0 a.m.4 views

PT-2022-7252 · Libde265 +3 · Libde265 +3

Name of the Vulnerable Software and Affected Versions: Libde265 version 1.0.8 Description: The issue is related to a heap-buffer-overflow vulnerability via the ff hevc put hevc qpel h 2 v 1 sse function in sse-motion.cc. This allows attackers to cause a Denial of Service DoS via a crafted video...

9.8CVSS6.4AI score0.0202EPSS
Exploits46References204
Positive Technologies
Positive Technologies
added 2022/10/10 12:0 a.m.4 views

PT-2022-7260 · Libde265 +3 · Libde265 +3

Name of the Vulnerable Software and Affected Versions: Libde265 versions 1.0.8 Description: The issue is related to a heap-buffer-overflow in the ff hevc put hevc epel pixels 8 sse function, which can be exploited by attackers to cause a Denial of Service DoS via a crafted video file. This...

9.8CVSS6.4AI score0.0202EPSS
Exploits46References203
Positive Technologies
Positive Technologies
added 2022/02/11 12:0 a.m.3 views

PT-2022-7270 · Libde265 +3 · Libde265 +3

Name of the Vulnerable Software and Affected Versions: Libde265 version 1.0.8 Description: The issue is related to a heap-buffer-overflow vulnerability via the put epel hv fallback function in fallback-motion.cc. This allows attackers to cause a Denial of Service DoS via a crafted video file. The...

9.8CVSS6.5AI score0.0202EPSS
Exploits46References199
Positive Technologies
Positive Technologies
added 2022/01/10 12:0 a.m.6 views

PT-2022-6473 · Libde265 +3 · Libde265 +3

Name of the Vulnerable Software and Affected Versions: libde265 versions 1.0.8 Description: An issue was discovered in libde265, where there is a Heap-use-after-free in intrapred.h when decoding a file using dec265. This could allow a remote attacker to cause a denial of service. Recommendations:...

9.8CVSS6.6AI score0.0202EPSS
Exploits46References224
Rows per page
Query Builder