Tiny File Manager

2 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2025-46651 MEDIUM This Month

Tiny File Manager through 2.6 contains a server-side request forgery (SSRF) vulnerability in the URL upload feature. [CVSS 4.3 MEDIUM]

SSRF Tiny File Manager
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-44998 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the component /tinyfilemanager.php of TinyFileManager v2.4.7 allows attackers to execute arbitrary JavaScript or HTML via injecting a crafted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Tiny File Manager
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-46651
EPSS 0% CVSS 4.3
MEDIUM This Month

Tiny File Manager through 2.6 contains a server-side request forgery (SSRF) vulnerability in the URL upload feature. [CVSS 4.3 MEDIUM]

SSRF Tiny File Manager
NVD GitHub
CVE-2025-44998
EPSS 0% CVSS 6.1
MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the component /tinyfilemanager.php of TinyFileManager v2.4.7 allows attackers to execute arbitrary JavaScript or HTML via injecting a crafted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Tiny File Manager
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy