Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tiny vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2020-25788
An issue exists in Tiny Tiny RSS (aka tt-rss) prior to 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message.
Tt-rss Tiny Tiny Rss
6.1
CVSSv3
CVE-2020-25789
An issue exists in Tiny Tiny RSS (aka tt-rss) prior to 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG document.
Tt-rss Tiny Tiny Rss
7.5
CVSSv3
CVE-2021-28373
The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) prior to 2021-03-12 allows an malicious user to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch for a short time. However, all end users are explicitly directed to use th...
Tt-rss Tiny Tiny Rss
9.8
CVSSv3
CVE-2017-16896
A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter.
Tt-rss Tiny Tiny Rss 17.4
NA
CVE-2002-0349
Tiny Personal Firewall (TPF) 2.0.15, under certain configurations, will pop up an alert to the system even when the screen is locked, which could allow an attacker with physical access to the machine to hide activities or bypass access restrictions.
Tiny Software Tiny Personal Firewall 2.0.15
NA
CVE-2012-1783
Tiny Server 1.1.9 and previous versions allows remote malicious users to cause a denial of service (crash) via a long string in a GET request without an HTTP version number.
Saurabh Gupta Tiny Server 1.0.5
Saurabh Gupta Tiny Server
Saurabh Gupta Tiny Server 1.1.5
1 EDB exploit
8.8
CVSSv3
CVE-2019-16790
In Tiny File Manager prior to 2.3.9, there is a remote code execution via Upload from URL and Edit/Rename files. Only authenticated users are impacted.
Tiny File Manager Project Tiny File Manager
4.3
CVSSv3
CVE-2022-1846
The Tiny Contact Form WordPress plugin up to and including 0.7 does not have CSRF check in place when updating its settings, which could allow malicious users to make a logged in admin change them via a CSRF attack
Tiny Contact Form Project Tiny Contact Form
9.8
CVSSv3
CVE-2022-1000
Path Traversal in GitHub repository prasathmani/tinyfilemanager before 2.4.7.
Tiny File Manager Project Tiny File Manager
8.1
CVSSv3
CVE-2018-1000096
brianleroux tiny-json-http version all versions since commit 9b8e74a232bba4701844e07bcba794173b0238a8 (Oct 29 2016) contains a Missing SSL certificate validation vulnerability in The libraries core functionality is affected. that can result in Exposes the user to man-in-the-middl...
Tiny-json-http Project Tiny-json-http
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »