Arbitrary Code Injection
Overview: tinacms is a headless content management system with support for Markdown, MDX, JSON, YAML, and more. Affected versions of this package are vulnerable to Arbitrary Code Injection via improper use of the gray-matter package. An attacker can execute arbitrary code on the server by submitti...
CVE-2025-68278
Tina is a headless content management system. In tinacms prior to version 3.1.1, tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrary code. tinacms version 3.1.1, @tinacms/cl...
PT-2025-52257
Name of the Vulnerable Software and Affected Versions: Tina versions prior to 3.1.1 Description: Tina is a headless content management system. Versions of Tina prior to 3.1.1 improperly utilize the gray-matter package, potentially allowing attackers who control the content of markdown files—such as...
EUVD-2024-53107
Malicious code in bioql PyPI...
CVE-2024-56318
In raw\TCP.cpp in Matter aka connectedhomeip or Project CHIP through 1.4.0.0 before 27ca6ec, there is a NULL pointer dereference in TCPBase::ProcessSingleMessage via TCP packets with zero messageSize, leading to denial of service...
CVE-2024-56317
In Matter aka connectedhomeip or Project CHIP through 1.4.0.0, the WriteAcl function deletes all existing ACL entries first, and then attempts to recreate them based on user input. If input validation fails during decoding, the process stops, and no entries are restored by...
CVE-2024-56319
In Matter aka connectedhomeip or Project CHIP through 1.4.0.0 before e3277eb, unlimited user label appends in a userlabel cluster can lead to a denial of service resource exhaustion...
CVE-2024-56318
Matter (aka connectedhomeip/Project CHIP) contains a NULL pointer dereference in TCPBase::ProcessSingleMessage triggered by TCP packets with zero messageSize, affecting raw_TCP.cpp in versions up to and including 1.4.0.0 before commit 27ca6ec. This could lead to denial of service. Affected produc...
Matter security vulnerability
Matter Project CHIP is a unified open source application layer connectivity standard open sourced by the Connectivity Standards Alliance. Designed to enable developers and device manufacturers to connect and build reliable, secure ecosystems and improve compatibility between connected home device...
PT-2024-36786 · Matter · Matter
Name of the Vulnerable Software and Affected Versions: Matter also known as connectedhomeip or Project CHIP versions 1.4.0.0 and earlier Description: The issue concerns the WriteAcl function, which first deletes all existing ACL entries and then attempts to recreate them based on user input. If...
PT-2024-25016 · Matter · Matter
Name of the Vulnerable Software and Affected Versions: Matter protocol versions prior to 1.1 Description: The issue is related to the Certificate Authenticated Session Establishment (CASE) protocol, which is used for establishing secure sessions between two devices. It allows an attacker to replay...