Lucene search
K

5 matches found

NVD
NVD
added 2026/06/24 1:16 p.m.10 views

CVE-2026-56231

Capgo before 12.128.2 contains a broken object level authorization BOLA vulnerability in the POST /build/start/:jobId and POST /build/cancel/:jobId endpoints. The handlers authorize the request based only on the attacker-controlled appid supplied in the request body and never verify that the jobI...

7.6CVSS0.00176EPSS
Exploits0References2
NVD
NVD
added 2026/04/01 5:28 p.m.8 views

CVE-2026-33949

Tina is a headless content management system. Prior to version 2.2.2, a path traversal vulnerability in @tinacms/graphql allows unauthenticated users to write and overwrite arbitrary files within the project root. This is achieved by manipulating the relativePath parameter in GraphQL mutations. T...

8.1CVSS0.00386EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/01 3:54 p.m.19 views

CVE-2026-33949 @tinacms/graphql has Path Traversal that leads to overwrite of arbitrary files

Tina is a headless content management system. Prior to version 2.2.2, a path traversal vulnerability in @tinacms/graphql allows unauthenticated users to write and overwrite arbitrary files within the project root. This is achieved by manipulating the relativePath parameter in GraphQL mutations. T...

8.1CVSS0.00386EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/01 3:54 p.m.4 views

CVE-2026-33949 @tinacms/graphql has Path Traversal that leads to overwrite of arbitrary files

Tina is a headless content management system. Prior to version 2.2.2, a path traversal vulnerability in @tinacms/graphql allows unauthenticated users to write and overwrite arbitrary files within the project root. This is achieved by manipulating the relativePath parameter in GraphQL mutations. T...

8.1CVSS6.1AI score0.00386EPSS
Exploits0References1
CVE
CVE
added 2026/04/01 3:54 p.m.12 views

CVE-2026-33949

CVE-2026-33949 concerns TinaCMS’s GraphQL package, where vulnerable versions prior to 2.2.2 expose a path traversal weakness in @tinacms/graphql. The root cause is insufficient path validation (notably handling of backslashes) in getValidatedPath, allowing unauthenticated users to write/overwrite...

8.1CVSS6AI score0.00386EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder