Lucene search
K

63 matches found

Nuclei
Nuclei
added yesterday36 views

TinaCMS - Path Traversal

TinaCMS CLI 2.1.8 contains a file system read vulnerability caused by disabled Vite server.fs.strict setting, letting unauthenticated attackers read arbitrary files on the host system, exploit requires access to the dev server. id: CVE-2026-29066 info: name: TinaCMS - Path Traversal author:...

6.2CVSS6.1AI score0.01025EPSS
Exploits1References2
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-55660 TinaCMS: Cross-origin postMessage handlers and rich-text URL-sanitization bypass enable stored XSS and session takeover

Tina is a headless content management system. In versions prior to @tinacms/app 2.5.6 and tinacms 3.9.3, cross-origin postMessage handlers and a rich-text URL-sanitization bypass enable stored XSS and session takeover. The library registers window message listeners — the useTina overlay handler,...

7.6CVSS0.00196EPSS
Exploits0References2
CVE
CVE
added 6 days ago27 views

CVE-2026-55660

CVE-2026-55660 : TinaCMS and Tinacms app prior to versions 2.5.6 / 3.9.3 allow cross-origin postMessage abuse due to window message listeners that do not validate event.origin/source and post to non-specific origins, combined with insufficient URL sanitization in rich-text content. This enables s...

7.6CVSS5.7AI score0.00196EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-54074 @tinacms/cli: Remote Code Execution via Forestry migration — unsanitised __TINA_INTERNAL__ marker in user-controlled YAML labels

Tina is a headless content management system. @tinacms/cli versions prior to 2.4.3 contain a Remote Code Execution vulnerability in the Forestry-to-Tina migration command. The internal helper addVariablesToCode unquotes any value matching the marker "TINAINTERNAL:::.?:::" inside the stringified...

7.8CVSS0.0017EPSS
Exploits0References1
CVE
CVE
added 6 days ago18 views

CVE-2026-54074

CVE-2026-54074 affects @tinacms/cli (pre-2.4.3) used with TinaCMS. A Forestry-to-Tina migration path unquotes values in user-controlled YAML fields via the TINA_INTERNAL marker, allowing injection of arbitrary JavaScript into the generated tina/templates.{ts,js} file. The code executes at module ...

7.8CVSS6.1AI score0.0017EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-55661 TinaCMS rich-text (slatejson) rendering does not sanitize link/image URLs, allowing stored XSS via dangerous URL schemes

Tina is a headless content management system. In versions prior to @tinacms/mdx 2.1.7 and tinacms 3.9.3, rich-text parsing and the default link/image renderers did not sanitize the url field on Slate link/image nodes. Content containing javascript: or data:text/html URLs — including case-variant,...

4.8CVSS0.00239EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 6 days ago3 views

CVE-2026-55661

Tina is a headless content management system. In versions prior to @tinacms/mdx 2.1.7 and tinacms 3.9.3, rich-text parsing and the default link/image renderers did not sanitize the url field on Slate link/image nodes. Content containing javascript: or data:text/html URLs — including case-variant,...

4.8CVSS5.6AI score0.00239EPSS
Exploits0References3Affected Software2
RedhatCVE
RedhatCVE
added 2026/04/02 4:56 p.m.7 views

CVE-2026-33949

Tina is a headless content management system. Prior to version 2.2.2, a path traversal vulnerability in @tinacms/graphql allows unauthenticated users to write and overwrite arbitrary files within the project root. This is achieved by manipulating the relativePath parameter in GraphQL mutations. T...

8.1CVSS6AI score0.00386EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/02 4:56 p.m.3 views

CVE-2026-34604

Tina is a headless content management system. Prior to version 2.2.2, @tinacms/graphql uses string-based path containment checks in FilesystemBridge. That blocks plain ../ traversal, but it does not resolve symlink or junction targets. If a symlink/junction already exists under the allowed conten...

8.8CVSS5.7AI score0.00372EPSS
Exploits0References1
NVD
NVD
added 2026/04/01 5:28 p.m.6 views

CVE-2026-34604

Tina is a headless content management system. Prior to version 2.2.2, @tinacms/graphql uses string-based path containment checks in FilesystemBridge. That blocks plain ../ traversal, but it does not resolve symlink or junction targets. If a symlink/junction already exists under the allowed conten...

8.8CVSS0.00372EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/01 4:8 p.m.28 views

CVE-2026-34603 @tinacms/graphql's Media Endpoints Can Escape the Media Root via Symlinks or Junctions

Tina is a headless content management system. Prior to version 2.2.2, @tinacms/cli recently added lexical path-traversal checks to the dev media routes, but the implementation still validates only the path string and does not resolve symlink or junction targets. If a link already exists under the...

7.1CVSS0.00408EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/01 4:8 p.m.1 views

CVE-2026-34603 @tinacms/graphql's Media Endpoints Can Escape the Media Root via Symlinks or Junctions

Tina is a headless content management system. Prior to version 2.2.2, @tinacms/cli recently added lexical path-traversal checks to the dev media routes, but the implementation still validates only the path string and does not resolve symlink or junction targets. If a link already exists under the...

7.1CVSS5.8AI score0.00408EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/01 4:8 p.m.2 views

CVE-2026-34603

Tina is a headless content management system. Prior to version 2.2.2, @tinacms/cli recently added lexical path-traversal checks to the dev media routes, but the implementation still validates only the path string and does not resolve symlink or junction targets. If a link already exists under the...

7.1CVSS5.8AI score0.00408EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/04/01 4:8 p.m.14 views

CVE-2026-34603

CVE-2026-34603 affects TinaCMS: its media endpoints in @tinacms/cli (and related GraphQL handling) allow escaping the media root when symlinks or junctions exist in the media directory. The issue stems from lexical path-traversal checks that do not resolve symlink targets, enabling operations (li...

8.3CVSS5.8AI score0.00408EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/01 4:5 p.m.2 views

CVE-2026-34604 @tinacms/graphql's `FilesystemBridge` Path Validation Can Be Bypassed via Symlinks or Junctions

Tina is a headless content management system. Prior to version 2.2.2, @tinacms/graphql uses string-based path containment checks in FilesystemBridge. That blocks plain ../ traversal, but it does not resolve symlink or junction targets. If a symlink/junction already exists under the allowed conten...

7.1CVSS5.8AI score0.00372EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/01 4:5 p.m.3 views

EUVD-2026-17965

Tina is a headless content management system. Prior to version 2.2.2, @tinacms/graphql uses string-based path containment checks in FilesystemBridge. That blocks plain ../ traversal, but it does not resolve symlink or junction targets. If a symlink/junction already exists under the allowed conten...

7.1CVSS5.8AI score0.00372EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/01 4:5 p.m.29 views

CVE-2026-34604 @tinacms/graphql's `FilesystemBridge` Path Validation Can Be Bypassed via Symlinks or Junctions

Tina is a headless content management system. Prior to version 2.2.2, @tinacms/graphql uses string-based path containment checks in FilesystemBridge. That blocks plain ../ traversal, but it does not resolve symlink or junction targets. If a symlink/junction already exists under the allowed conten...

7.1CVSS0.00372EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/01 3:54 p.m.3 views

CVE-2026-33949 @tinacms/graphql has Path Traversal that leads to overwrite of arbitrary files

Tina is a headless content management system. Prior to version 2.2.2, a path traversal vulnerability in @tinacms/graphql allows unauthenticated users to write and overwrite arbitrary files within the project root. This is achieved by manipulating the relativePath parameter in GraphQL mutations. T...

8.1CVSS6.1AI score0.00386EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/01 12:25 a.m.1 views

Symlink Attack

Overview @tinacms/graphql is a GraphQL database generating component for Tina, the headless content management system with support for Markdown, MDX, JSON, YAML, and more. Affected versions of this package are vulnerable to Symlink Attack in the FilesystemBridge get, put, delete, and glob methods...

8.8CVSS5.9AI score0.00372EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.6 views

TinaCMS 安全漏洞

TinaCMS is an open-source headless CMS developed by Tina for Markdown, MDX, and JSON formats. Versions of TinaCMS prior to 2.2.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of parsing symbolic link targets during the development of media routing, which could le...

8.3CVSS5.8AI score0.00408EPSS
Exploits0References2
Rows per page
Query Builder