4 matches found

CVE
added 2026/03/12 4:57 p.m., 11 views

CVE-2026-29066

TinaCMS CLI before 2.1.8 is affected by CVE-2026-29066: the dev server configures Vite with server.fs.strict: false, removing the filesystem restriction and permitting an unauthenticated attacker who can reach the dev server to read arbitrary host files. The issue impacts the TinaCMS CLI devServe...

CVSS: 6.2, AI score: 5.9, EPSS: 0.01025
Exploits: 1, References: 1, Affected Software: 1
CVE
added 2026/03/12 4:50 p.m., 13 views

CVE-2026-28793

TinaCMS CLI dev server (TinaCMS) prior to 2.1.8 exposes media endpoints via tinacms dev (default port 4001) including /media/list/, /media/upload/, and /media/*. User-controlled path segments are processed with decodeURI() and path.join() without validating the resolved path against the configur...

CVSS: 8.4, AI score: 5.9, EPSS: 0.00203
Exploits: 1, References: 1, Affected Software: 1
Positive Technologies
added 2025/10/10 12:0 a.m., 4 views

PT-2025-41616

Name of the Vulnerable Software and Affected Versions: Drupal Authenticator Login versions prior to 2.1.8
Description: An authentication bypass issue exists in Drupal Authenticator Login. This allows attackers to bypass authentication mechanisms by utilizing an alternate path or channel...

CVSS: 8.8, AI score: 6.8, EPSS: 0.0033
Exploits: 0, References: 7
OSV
added 2021/08/02 11:15 a.m., 2 views

CVE-2021-24488

The slider import search feature and tab parameter of the Post Grid WordPress plugin before 2.1.8 settings are not properly sanitised before being output back in the pages, leading to Reflected Cross-Site Scripting issues...

CVSS: 6.1, AI score: 6.4, EPSS: 0.11291
Exploits: 5, References: 1