3 matches found
CVE-2026-34603 @tinacms/graphql's Media Endpoints Can Escape the Media Root via Symlinks or Junctions
Tina is a headless content management system. Prior to version 2.2.2, @tinacms/cli recently added lexical path-traversal checks to the dev media routes, but the implementation still validates only the path string and does not resolve symlink or junction targets. If a link already exists under the...
CVE-2025-64168
Summary: CVE-2025-64168 affects Agno (multi-agent framework) from 2.0.0 to before 2.2.2. Under high concurrency, when session_state is passed to an Agent or Team during run or arun calls, a race condition can assign a session_state to the wrong session, potentially exposing user data across sessi...
CVE-2025-64168 Agno session state overwrites between different sessions/users
Agno is a multi-agent framework, runtime and control plane. From 2.0.0 to before 2.2.2, under high concurrency, when session_state is passed to Agent or Team during run or arun calls, a race condition can occur, causing a session_state to be assigned and persisted to the incorrect session. This may...