6481 matches found

Github Security Blog
added 2026/03/12 8:32 p.m., 9 views

TinaCMS CLI has Arbitrary File Read via Disabled Vite Filesystem Restriction

Summary: The TinaCMS CLI dev server configures Vite with server.fs.strict: false, which disables Vite's built-in filesystem access restriction. This allows any unauthenticated attacker who can reach the dev server to read arbitrary files on the host system. Details: When running tinacms dev, the CLI...

CVSS 6.2 | AI score 5.9 | EPSS 0.01025
Exploits: 1 | References: 3 | Affected Software: 1

Github Security Blog
added 2026/03/12 8:32 p.m., 6 views

TinaCMS Vulnerable to Path Traversal Leading to Arbitrary File Read, Write and Delete

Summary: The TinaCMS CLI development server exposes media endpoints that are vulnerable to path traversal, allowing attackers to read and write arbitrary files on the filesystem outside the intended media directory. Details: When running tinacms dev, the CLI starts a local HTTP server default port...

CVSS 8.4 | AI score 6.3 | EPSS 0.00203
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2026/03/12 8:32 p.m., 3 views

GHSA-2F24-MG4X-534Q TinaCMS Vulnerable to Path Traversal Leading to Arbitrary File Read, Write and Delete

Summary: The TinaCMS CLI development server exposes media endpoints that are vulnerable to path traversal, allowing attackers to read and write arbitrary files on the filesystem outside the intended media directory. Details: When running tinacms dev, the CLI starts a local HTTP server default port...

CVSS 8.4 | AI score 6.3 | EPSS 0.00203
Exploits: 1 | References: 3

NVD
added 2026/03/12 8:16 p.m., 3 views

CVE-2026-32251

Tolgee is an open-source localization platform. Prior to 3.166.3, the XML parsers used for importing Android XML resources .xml and .resx files don't disable external entity processing. An authenticated user who can import translation files into a project can exploit this to read arbitrary files...

CVSS 9.3 | EPSS 0.00424
Exploits: 1 | References: 3

Vulnrichment
added 2026/03/12 4:57 p.m., 3 views

CVE-2026-29066 Arbitrary File Read via Disabled Vite Filesystem Restriction in TinaCMS CLI

Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server configures Vite with server.fs.strict: false, which disables Vite's built-in filesystem access restriction. This allows any unauthenticated attacker who can reach the dev server to read arbitrary files on the...

CVSS 6.2 | AI score 5.9 | EPSS 0.01025
Exploits: 1 | References: 1

Cvelist
added 2026/03/12 4:57 p.m., 25 views

CVE-2026-29066 Arbitrary File Read via Disabled Vite Filesystem Restriction in TinaCMS CLI

Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server configures Vite with server.fs.strict: false, which disables Vite's built-in filesystem access restriction. This allows any unauthenticated attacker who can reach the dev server to read arbitrary files on the...

CVSS 6.2 | EPSS 0.01025
Exploits: 1 | References: 1

CVE
added 2026/03/12 4:57 p.m., 14 views

CVE-2026-29066

TinaCMS CLI before 2.1.8 is affected by CVE-2026-29066: the dev server configures Vite with server.fs.strict: false, removing the filesystem restriction and permitting an unauthenticated attacker who can reach the dev server to read arbitrary host files. The issue impacts the TinaCMS CLI devServe...

CVSS 6.2 | AI score 5.9 | EPSS 0.01025
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2026/03/12 4:57 p.m., 5 views

CVE-2026-29066 Arbitrary File Read via Disabled Vite Filesystem Restriction in TinaCMS CLI

Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server configures Vite with server.fs.strict: false, which disables Vite's built-in filesystem access restriction. This allows any unauthenticated attacker who can reach the dev server to read arbitrary files on the...

CVSS 6.2 | AI score 5.9 | EPSS 0.01025
Exploits: 1 | References: 3

OSV
added 2026/03/12 4:50 p.m., 6 views

CVE-2026-28793 Path Traversal Leading to Arbitrary File Read, Write and Delete in TinaCMS

Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI development server exposes media endpoints that are vulnerable to path traversal, allowing attackers to read and write arbitrary files on the filesystem outside the intended media directory. When running tinacms dev, th...

CVSS 8.4 | AI score 5.9 | EPSS 0.00203
Exploits: 1 | References: 3

RedhatCVE
added 2026/03/12 12:35 p.m., 5 views

CVE-2026-2808

A flaw was found in HashiCorp Consul. When configured with Kubernetes authentication, a highly privileged attacker can exploit this vulnerability to perform arbitrary file reads. This could lead to the disclosure of sensitive information from the system...

CVSS 6.8 | AI score 5.9 | EPSS 0.00475
Exploits: 0 | References: 4

Snyk
added 2026/03/12 12:31 a.m., 5 views

Symlink Attack

Overview: Affected versions of this package are vulnerable to Symlink Attack via the Vault Kubernetes Authentication Provider. An attacker can access sensitive files by specifying the tokenpath configuration parameter as any file on the Consul server node, which is later returned as jwt data and sent t...

CVSS 7.6 | AI score 5.9 | EPSS 0.00475
Exploits: 0 | References: 2

EUVD
added 2026/03/12 12:31 a.m., 6 views

EUVD-2026-11487

HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5...

CVSS 6.8 | AI score 5.8 | EPSS 0.00475
Exploits: 0 | References: 2

OSV
added 2026/03/12 12:31 a.m., 3 views

GHSA-CPFQ-66P2-336J Consul is vulnerable to arbitrary file read when configured with Kubernetes authentication

HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5...

CVSS 6.8 | AI score 5.8 | EPSS 0.00475
Exploits: 0 | References: 4

Github Security Blog
added 2026/03/12 12:31 a.m., 7 views

Consul is vulnerable to arbitrary file read when configured with Kubernetes authentication

HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5...

CVSS 6.8 | AI score 5.8 | EPSS 0.00475
Exploits: 0 | References: 4 | Affected Software: 1

IBM Security Bulletins
added 2026/03/12 12:30 a.m., 6 views

Security Bulletin: Consul vulnerable to arbitrary file reads through the vault kubernetes authentication provider

Summary: HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5. Vulnerability Details: CVEID: CVE-2026-2808...

CVSS 6.8 | AI score 5.8 | EPSS 0.00475
Exploits: 0 | Affected Software: 1

OSV
added 2026/03/12 12:16 a.m., 3 views

DEBIAN-CVE-2026-2808

HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5...

CVSS 6.8 | AI score 8.1 | EPSS 0.00475
Exploits: 0 | References: 1

NVD
added 2026/03/12 12:16 a.m., 6 views

CVE-2026-2808

HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5...

CVSS 6.8 | EPSS 0.00475
Exploits: 0 | References: 1

OSV
added 2026/03/12 12:16 a.m., 6 views

UBUNTU-CVE-2026-2808

HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5...

CVSS 6.8 | AI score 5.8 | EPSS 0.00475
Exploits: 0 | References: 2

CNNVD
added 2026/03/12 12:0 a.m., 5 views

TinaCMS Security Vulnerability

TinaCMS is an open-source headless CMS for Markdown, MDX, and JSON developed by Tina. Versions of TinaCMS prior to 2.1.8 contained a security vulnerability. This vulnerability stemmed from the TinaCMS CLI development server’s configuration using Vite, which disabled the built-in file system acces...

CVSS 6.2 | AI score 5.9 | EPSS 0.01025
Exploits: 1 | References: 1

CNVD
added 2026/03/12 12:0 a.m., 2 views

OpenClaw Arbitrary File Read Vulnerability (CNVD-2026-13555)

OpenClaw is a tool for configuration management that supports loading external configuration files via the include directive. An arbitrary file read vulnerability exists in OpenClaw. An attacker can use this vulnerability to read sensitive files, such as API keys and credentials, outside of the...

CVSS 6.7 | AI score 5.9 | EPSS 0.00146
Exploits: 0 | References: 1