4 matches found

Cvelist
added 4 days ago · 30 views

CVE-2026-54074 @tinacms/cli: Remote Code Execution via Forestry migration — unsanitised __TINA_INTERNAL__ marker in user-controlled YAML labels

Tina is a headless content management system. @tinacms/cli versions prior to 2.4.3 contain a Remote Code Execution vulnerability in the Forestry-to-Tina migration command. The internal helper addVariablesToCode unquotes any value matching the marker "TINAINTERNAL:::.?:::" inside the stringified...

CVSS 7.8 · EPSS 0.0017
Exploits 0 · References 1
Cvelist
added 2026/03/12 4:57 p.m. · 26 views

CVE-2026-29066 Arbitrary File Read via Disabled Vite Filesystem Restriction in TinaCMS CLI

Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server configures Vite with server.fs.strict: false, which disables Vite's built-in filesystem access restriction. This allows any unauthenticated attacker who can reach the dev server to read arbitrary files on the...

CVSS 6.2 · EPSS 0.01025
Exploits 1 · References 1
vulnersOsv
added 2025/12/18 6:45 p.m. · 6 views

@cloudcommerce/storefront (>=0.10.0 <=0.11.0), @gspenst/next (>=0.0.1 <=0.1.2) +6 more potentially affected by CVE-2025-68278 via @tinacms/cli (>=0.60.28 <=1.12.6)

@tinacms/cli NPM version =0.60.28, =0.10.0, =0.0.1, =0.1.0, =0.0.2, =0.0.3, =0.0.1, =0.1.3 - next-tina-github-starter =0.1.0 - ramidus =1.2.1 Source cves: CVE-2025-68278 Source advisory: OSV:GHSA-529F-9QWM-9628...

CVSS 8.8 · AI score 5.8 · EPSS 0.00393
Exploits 1
Positive Technologies
added 2024/09/03 12:0 a.m. · 4 views

PT-2024-31595 · Unknown · @Tinacms/Cli

Name of the Vulnerable Software and Affected Versions: @tinacms/cli versions prior to 1.6.2

Description: Tina is an open-source content management system (CMS). Sites building with Tina CMS's command line interface (CLI) that use a search token may be vulnerable to the search token being leaked via...

CVSS 8.7 · AI score 6.9 · EPSS 0.00306
Exploits 0 · References 12