
325 matches found

CVE
•added 2025/12/18 3:27 p.m.•20 views

CVE-2025-68278

CVE-2025-68278 affects tinacms prior to 3.1.1, where insecure use of the gray-matter package allows attackers who can control markdown front matter (e.g., blog posts) to execute arbitrary code. The issue spans tinacms, @tinacms/cli (v2.0.4), and @tinacms/graphql (v2.0.3). A fix is available in ti...

CVSS 8.8, AI score 7, EPSS 0.00393
Exploits 1, References 2, Affected Software 3

OSV
•added 2025/12/18 3:27 p.m.•8 views

CVE-2025-68278 tinacms vulnerable to arbitrary code execution

Tina is a headless content management system. In tinacms prior to version 3.1.1, tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrary code. tinacms version 3.1.1, @tinacms/cl...

CVSS 8.6, AI score 7.3, EPSS 0.00393
Exploits 1, References 4

Positive Technologies
•added 2025/12/18 12:0 a.m.•8 views

PT-2025-52257

Name of the Vulnerable Software and Affected Versions Tina versions prior to 3.1.1 Description Tina is a headless content management system. Versions of Tina prior to 3.1.1 improperly utilize the gray-matter package, potentially allowing attackers who control the content of markdown files—such as...

CVSS 8.6, AI score 7, EPSS 0.00393
Exploits 1, References 7

CNNVD
•added 2025/12/18 12:0 a.m.•4 views

TinaCMS code injection vulnerability

TinaCMS is an open source headless CMS for Markdown, MDX and JSON from Tina Open Source. A code injection vulnerability exists in TinaCMS versions prior to 3.1.1, which stems from improper use of the gray-matter package and could lead to the execution of arbitrary code...

CVSS 8.8, AI score 7.4, EPSS 0.00393
Exploits 1, References 2

RedhatCVE
•added 2025/11/24 6:35 a.m.•9 views

CVE-2025-65108

md-to-pdf is a CLI tool for converting Markdown files to PDF using Node.js and headless Chrome. Prior to version 5.2.5, a Markdown front-matter block that contains JavaScript delimiter causes the JS engine in gray-matter library to execute arbitrary code in the Markdown to PDF converter process o...

CVSS 10, AI score 8.5, EPSS 0.00896
Exploits 0, References 1

CVE
•added 2025/11/21 9:52 p.m.•27 views

CVE-2025-65108

CVE-2025-65108 affects the md-to-pdf CLI (Markdown to PDF) where parsing front matter with a JavaScript delimiter can trigger the gray-matter JS engine to execute arbitrary code during the conversion process, enabling remote code execution. This vulnerability exists in versions prior to 5.2.5 and...

CVSS 10, AI score 8.2, EPSS 0.00896
Exploits 0, References 2

Github Security Blog
•added 2025/11/20 5:48 p.m.•16 views

md-to-pdf vulnerable to arbitrary JavaScript code execution when parsing front matter

Summary A Markdown front-matter block that contains JavaScript delimiter causes the JS engine in gray-matter library to execute arbitrary code in the Markdown to PDF converter process of md-to-pdf library, resulting in remote code execution. Details md-to-pdf uses the gray-matter library to parse...

CVSS 10, AI score 8.8, EPSS 0.00896
Exploits 0, References 4, Affected Software 1

OSV
•added 2025/11/20 5:48 p.m.•3 views

GHSA-547R-QMJM-8HVW md-to-pdf vulnerable to arbitrary JavaScript code execution when parsing front matter

Summary A Markdown front-matter block that contains JavaScript delimiter causes the JS engine in gray-matter library to execute arbitrary code in the Markdown to PDF converter process of md-to-pdf library, resulting in remote code execution. Details md-to-pdf uses the gray-matter library to parse...

CVSS 10, AI score 8, EPSS 0.00896
Exploits 0, References 4

OSV
•added 2025/11/18 12:8 a.m.•3 views

OSV-2025-906 Use-of-uninitialized-value in QImage::pixel

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=461199967 Crash type: Use-of-uninitialized-value Crash state: QImage::pixel XCFImageFormat::copyGrayAToRGB XCFImageFormat::copyLayerToImage...

AI score 6.9
Exploits 0, References 1

EUVD
•added 2025/11/12 4:37 a.m.•2 views

EUVD-2025-120013

Malicious code in sillywhippetgray-50 npm...

AI score 6.6
Exploits 0

EUVD
•added 2025/11/12 3:4 a.m.•2 views

EUVD-2025-117467

Malicious code in cooing-gray-eagle npm...

AI score 6.6
Exploits 0

EUVD
•added 2025/11/12 3:4 a.m.•1 views

EUVD-2025-117522

Malicious code in active-gray-dolphin npm...

AI score 6.6
Exploits 0

EUVD
•added 2025/11/12 3:4 a.m.•0 views

EUVD-2025-117018

Malicious code in ugliest-gray-wallaby npm...

AI score 6.6
Exploits 0

OSV
•added 2025/11/12 3:4 a.m.•2 views

MAL-2025-138635 Malicious code in cooing-gray-eagle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ee4e04041645ccefea1a7b4557022e36c1affbe69091836280e14d0184b2b7a8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits 0

EUVD
•added 2025/11/12 3:4 a.m.•2 views

EUVD-2025-117420

Malicious code in elated-gray-marten npm...

AI score 6.6
Exploits 0

EUVD
•added 2025/11/12 3:4 a.m.•3 views

EUVD-2025-117003

Malicious code in victorious-gray-stingray npm...

AI score 6.6
Exploits 0

OSSF Malicious Packages
•added 2025/11/12 3:4 a.m.•0 views

Malicious code in elderly-gray-spoonbill (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 96b959c5c17ab2c8ba4b992d3d10b18349b5b9d3e8a7f7a4fc3134853c0959c1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits 0

EUVD
•added 2025/11/12 3:4 a.m.•1 views

EUVD-2025-117198

Malicious code in obliged-gray-donkey npm...

AI score 6.6
Exploits 0

OSSF Malicious Packages
•added 2025/11/12 3:4 a.m.•3 views

Malicious code in obliged-gray-donkey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b04fe894ddc20327b2fb3e7036c84fe23114a4183385c745608ac91feb4a2778 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits 0

OSSF Malicious Packages
•added 2025/11/12 3:4 a.m.•4 views

Malicious code in elated-gray-marten (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0c32a771f61d8884dd839eb457a9126fe4d205325bf194b113122900c6b8a5cf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits 0