Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tiny vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-1000
Path Traversal in GitHub repository prasathmani/tinyfilemanager before 2.4.7.
Tiny File Manager Project Tiny File Manager
6.5
CVSSv3
CVE-2022-45475
Tiny File Manager version 2.4.8 allows an unauthenticated remote malicious user to access the application's internal files. This is possible because the application is vulnerable to broken access control.
Tiny File Manager Project Tiny File Manager 2.4.8
9.8
CVSSv3
CVE-2022-45476
Tiny File Manager version 2.4.8 executes the code of files uploaded by users of the application, instead of just returning them for download. This is possible because the application is vulnerable to insecure file upload.
Tiny File Manager Project Tiny File Manager 2.4.8
7.7
CVSSv3
CVE-2020-12102
In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in the ajax recursive directory listing functionality. This allows authenticated users to enumerate directories and files on the filesystem (outside of the application scope).
Tiny File Manager Project Tiny File Manager 2.4.1
7.7
CVSSv3
CVE-2020-12103
In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file backup copy functionality which allows authenticated users to create backup copies of files (with .bak extension) outside the scope in the same directory in which they are stored.
Tiny File Manager Project Tiny File Manager 2.4.1
9.8
CVSSv3
CVE-2019-9002
An issue exists in Tiny Issue 1.3.1 and pixeline Bugs up to and including 1.3.2c. install/config-setup.php allows remote malicious users to execute arbitrary PHP code via the database_host parameter if the installer remains present in its original directory after installation is ...
Tiny Issue Project Tiny Issue 1.3.1
Pixeline Bugs
8.8
CVSSv3
CVE-2022-23044
Tiny File Manager version 2.4.8 allows an unauthenticated remote malicious user to persuade users to perform unintended actions within the application. This is possible because the application is vulnerable to CSRF.
Tiny File Manager Project Tiny File Manager 2.4.8
6.1
CVSSv3
CVE-2021-37573
A reflected cross-site scripting (XSS) vulnerability in the web server TTiny Java Web Server and Servlet Container (TJWS) <=1.115 allows an adversary to inject malicious code on the server's "404 Page not Found" error page
Tiny Java Web Server Project Tiny Java Web Server
6.5
CVSSv3
CVE-2020-35884
An issue exists in the tiny_http crate through 2020-06-16 for Rust. HTTP Request smuggling can occur via a malformed Transfer-Encoding header.
Tiny-http Project Tiny-http
Fedoraproject Fedora 34
Fedoraproject Fedora 35
6.1
CVSSv3
CVE-2020-12648
A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and previous versions allows remote malicious users to inject arbitrary web script when configured in classic editing mode.
Tiny Tinymce
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-34377
CVE-2024-20859
CVE-2023-49606
inject
arbitrary
CVE-2024-33788
CVE-2024-30973
IDOR
CVE-2024-33907
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »