
179 matches found

CVE
added 2026/04/24 3:27 a.m., 6 views

CVE-2026-2028

The MaxiBlocks Builder plugin for WordPress contains an issue where the maxi_remove_custom_image_size AJAX action inadequately validates file ownership, allowing authenticated users with Author-level access or higher to delete arbitrary files in wp-content/uploads (including files from others/adm...

5.3 CVSS, 5.8 AI score, 0.00015 EPSS
Exploits: 0, References: 6
CNNVD
added 2026/04/15 12:0 a.m., 3 views

WordPress plugin Petje.af security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

4.3 CVSS, 5.8 AI score, 0.00017 EPSS
Exploits: 0, References: 1
Patchstack
added 2026/04/14 11:37 a.m., 1 view

WordPress Album and Image Gallery plus Lightbox plugin <= 2.1.8 - Backdoor vulnerability

Backdoor vulnerability discovered by ? in WordPress Plugin Album and Image Gallery plus Lightbox versions <= 2.1.8...

5.8 AI score
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2026/04/09 1:45 a.m., 25 views

CVE-2026-5831 Agions taskflow-ai terminal_execute handlers.ts os command injection

A security flaw has been discovered in Agions taskflow-ai up to 2.1.8. This impacts an unknown function of the file src/mcp/server/handlers.ts of the component terminal_execute. Performing a manipulation results in OS command injection. The attack can be carried out remotely. Upgrading ...

6.5 CVSS, 0.01521 EPSS
Exploits: 0, References: 7
ATTACKERKB
added 2026/04/09 1:45 a.m., 0 views

CVE-2026-5831

A security flaw has been discovered in Agions taskflow-ai up to 2.1.8. This impacts an unknown function of the file src/mcp/server/handlers.ts of the component terminal_execute. Performing a manipulation results in OS command injection. The attack can be carried out remotely. Upgrading ...

6.5 CVSS, 6.2 AI score, 0.01521 EPSS
Exploits: 0, References: 8, Affected Software: 1
RedhatCVE
added 2026/03/26 3:11 p.m., 0 views

CVE-2026-29066

Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server configures Vite with server.fs.strict: false, which disables Vite's built-in filesystem access restriction. This allows any unauthenticated attacker who can reach the dev server to read arbitrary files on the...

6.2 CVSS, 5.9 AI score, 0.06479 EPSS
Exploits: 1, References: 1
RedhatCVE
added 2026/03/26 2:59 p.m., 1 view

CVE-2026-28793

Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI development server exposes media endpoints that are vulnerable to path traversal, allowing attackers to read and write arbitrary files on the filesystem outside the intended media directory. When running tinacms dev, th...

8.4 CVSS, 6 AI score, 0.00034 EPSS
Exploits: 1, References: 1
CVE
added 2026/03/22 1:38 p.m., 3 views

CVE-2019-25591

DNSS Domain Name Search Software 2.1.8 contains a buffer overflow in the registration code input field that can crash the application via an excessively long string. The vulnerability allows local attackers to cause a denial of service by pasting a malicious registration code consisting of 300 re...

6.9 CVSS, 6.2 AI score, 0.00006 EPSS
Exploits: 0, References: 3
CNNVD
added 2026/03/22 12:0 a.m., 2 views

Nsasoft Dnss Domain Name Search Software buffer error vulnerability

Nsasoft Dnss Domain Name Search Software is a domain name search and analysis tool developed by the American company Nsasoft. Version 2.1.8 of Nsasoft Dnss Domain Name Search Software contains a buffer overflow vulnerability. This vulnerability stems from an issue with the registration code input...

6.9 CVSS, 6.1 AI score, 0.00006 EPSS
Exploits: 0, References: 3
Snyk
added 2026/03/12 6:44 p.m., 1 view

Files or Directories Accessible to External Parties

Overview: @tinacms/cli is a package used to set up your project with Tina Cloud configuration, and run a local version of the Tina Cloud content-api. Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties via the dev server configuration when...

6.9 CVSS, 5.8 AI score, 0.06479 EPSS
Exploits: 1, References: 2
NVD
added 2026/03/12 5:16 p.m., 0 views

CVE-2026-28792

Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server combines a permissive CORS configuration Access-Control-Allow-Origin: with the path traversal vulnerability previously reported to enable a browser-based drive-by attack. A remote attacker can enumerate the...

9.6 CVSS, 0.00484 EPSS
Exploits: 1, References: 1
Vulnrichment
added 2026/03/12 4:57 p.m., 1 view

CVE-2026-29066 Arbitrary File Read via Disabled Vite Filesystem Restriction in TinaCMS CLI

Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server configures Vite with server.fs.strict: false, which disables Vite's built-in filesystem access restriction. This allows any unauthenticated attacker who can reach the dev server to read arbitrary files on the...

6.2 CVSS, 5.9 AI score, 0.06479 EPSS
Exploits: 1, References: 1
ATTACKERKB
added 2026/03/12 4:57 p.m., 0 views

CVE-2026-29066

Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server configures Vite with server.fs.strict: false, which disables Vite's built-in filesystem access restriction. This allows any unauthenticated attacker who can reach the dev server to read arbitrary files on the...

6.2 CVSS, 5.9 AI score, 0.06479 EPSS
Exploits: 1, References: 2, Affected Software: 1
CVE
added 2026/03/12 4:57 p.m., 4 views

CVE-2026-29066

TinaCMS CLI before 2.1.8 is affected by CVE-2026-29066: the dev server configures Vite with server.fs.strict: false, removing the filesystem restriction and permitting an unauthenticated attacker who can reach the dev server to read arbitrary host files. The issue impacts the TinaCMS CLI devServe...

6.2 CVSS, 5.9 AI score, 0.06479 EPSS
Exploits: 1, References: 1, Affected Software: 1
CVE
added 2026/03/12 4:50 p.m., 4 views

CVE-2026-28793

TinaCMS CLI dev server (TinaCMS) prior to 2.1.8 exposes media endpoints via tinacms dev (default port 4001) including /media/list/, /media/upload/, and /media/*. User-controlled path segments are processed with decodeURI() and path.join() without validating the resolved path against the configur...

8.4 CVSS, 5.9 AI score, 0.00034 EPSS
Exploits: 1, References: 1, Affected Software: 1
Vulnrichment
added 2026/03/12 4:48 p.m., 2 views

CVE-2026-28792 Cross-Origin File Exfiltration via CORS Misconfiguration + Path Traversal in TinaCMS

Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server combines a permissive CORS configuration Access-Control-Allow-Origin: with the path traversal vulnerability previously reported to enable a browser-based drive-by attack. A remote attacker can enumerate the...

9.6 CVSS, 6 AI score, 0.00484 EPSS
Exploits: 1, References: 1
CVE
added 2026/03/12 4:48 p.m., 4 views

CVE-2026-28792

Technical details (affected components, root cause, exploit data, or remediation specifics) are not provided in the connected documents. Monitor for updates.

9.6 CVSS, 5.9 AI score, 0.00484 EPSS
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2026/03/12 4:48 p.m., 20 views

CVE-2026-28792 Cross-Origin File Exfiltration via CORS Misconfiguration + Path Traversal in TinaCMS

Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server combines a permissive CORS configuration Access-Control-Allow-Origin: with the path traversal vulnerability previously reported to enable a browser-based drive-by attack. A remote attacker can enumerate the...

9.6 CVSS, 0.00484 EPSS
Exploits: 1, References: 1
Positive Technologies
added 2026/03/12 12:0 a.m., 1 view

PT-2026-25014

Name of the Vulnerable Software and Affected Versions: TinaCMS versions prior to 2.1.8. Description: TinaCMS is a headless content management system. Before version 2.1.8, the TinaCMS CLI development server configures Vite with server.fs.strict: false, disabling Vite’s built-in filesystem access...

6.2 CVSS, 6 AI score, 0.06479 EPSS
Exploits: 1, References: 9
CNNVD
added 2026/03/12 12:0 a.m., 1 view

TinaCMS security vulnerability

TinaCMS is an open-source headless CMS for Markdown, MDX, and JSON developed by Tina. Versions of TinaCMS prior to 2.1.8 contained security vulnerabilities. These vulnerabilities stemmed from the TinaCMS CLI development server having a lax CORS policy configured. Combined with path traversal...

9.6 CVSS, 6 AI score, 0.00484 EPSS
Exploits: 1, References: 1