Lucene search
K

101 matches found

Nuclei
Nuclei
added yesterday30 views

TinaCMS - Path Traversal

TinaCMS CLI 2.1.8 contains a file system read vulnerability caused by disabled Vite server.fs.strict setting, letting unauthenticated attackers read arbitrary files on the host system, exploit requires access to the dev server. id: CVE-2026-29066 info: name: TinaCMS - Path Traversal author:...

6.2CVSS6.1AI score0.01025EPSS
Exploits1References2
NVD
NVD
added 5 days ago4 views

CVE-2026-55661

Tina is a headless content management system. In versions prior to @tinacms/mdx 2.1.7 and tinacms 3.9.3, rich-text parsing and the default link/image renderers did not sanitize the url field on Slate link/image nodes. Content containing javascript: or data:text/html URLs — including case-variant,...

4.8CVSS0.00239EPSS
Exploits0References2
NVD
NVD
added 5 days ago6 views

CVE-2026-54074

Tina is a headless content management system. @tinacms/cli versions prior to 2.4.3 contain a Remote Code Execution vulnerability in the Forestry-to-Tina migration command. The internal helper addVariablesToCode unquotes any value matching the marker "TINAINTERNAL:::.?:::" inside the stringified...

7.8CVSS0.0017EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2026-55660

Tina is a headless content management system. In versions prior to @tinacms/app 2.5.6 and tinacms 3.9.3, cross-origin postMessage handlers and a rich-text URL-sanitization bypass enable stored XSS and session takeover. The library registers window message listeners — the useTina overlay handler,...

7.6CVSS5.7AI score0.00196EPSS
Exploits0References3Affected Software2
ATTACKERKB
ATTACKERKB
added 5 days ago4 views

CVE-2026-54074

Tina is a headless content management system. @tinacms/cli versions prior to 2.4.3 contain a Remote Code Execution vulnerability in the Forestry-to-Tina migration command. The internal helper addVariablesToCode unquotes any value matching the marker "TINAINTERNAL:::.?:::" inside the stringified...

7.8CVSS6.1AI score0.0017EPSS
Exploits0References2Affected Software1
CVE
CVE
added 5 days ago16 views

CVE-2026-55661

CVE-2026-55661 affects TinaCMS rich-text rendering (Slate JSON) where the url field on Slate link/image nodes was not sanitized, allowing stored XSS via dangerous URL schemes such as javascript: or data:text/html. Affected versions include tinacms/mdx <2.1.7 and tinacms =2.1.7 and tinacms >...

4.8CVSS5.6AI score0.00239EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/19 9:15 p.m.6 views

NPM: TinaCMS: Cross-origin postMessage handlers and rich-text URL-sanitization bypass enable stored XSS and session takeover

NPM: TinaCMS: Cross-origin postMessage handlers and rich-text URL-sanitization bypass enable stored XSS and session takeover vulnerability discovered by ? in WordPress Npm tinacms versions 3.9.3...

7.6CVSS5.8AI score0.00196EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/06/19 9:15 p.m.4 views

Improper Verification of Source of a Communication Channel

Overview Affected versions of this package are vulnerable to Improper Verification of Source of a Communication Channel via improper validation of cross-origin messages in the window message listeners. An attacker can hijack authenticated editing sessions by sending crafted postMessage events fro...

8.5CVSS5.9AI score0.00196EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/19 9:15 p.m.3 views

Improper Verification of Source of a Communication Channel

Overview tinacms is a headless content management system with support for Markdown, MDX, JSON, YAML, and more. Affected versions of this package are vulnerable to Improper Verification of Source of a Communication Channel via improper validation of cross-origin messages in the window message...

8.5CVSS5.9AI score0.00196EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/19 9:15 p.m.4 views

Arbitrary Code Injection

Overview @tinacms/cli is a package used to set up your project with Tina Cloud configuration, and run a local version of the Tina Cloud content-api. Affected versions of this package are vulnerable to Arbitrary Code Injection through the addVariablesToCode/makeFieldsWithInternalCode process in...

7.8CVSS6.1AI score0.0017EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/19 9:15 p.m.6 views

@tinacms/cli: Remote Code Execution in @tinacms/cli via Forestry migration — unsanitised __TINA_INTERNAL__ marker in user-controlled YAML labels

Description Summary @tinacms/cli contains a Remote Code Execution vulnerability in its Forestry-to-Tina migration command. The internal helper addVariablesToCode unquotes any value matching the marker "TINAINTERNAL:::.?:::" inside the stringified collection JSON. User-supplied label and name fiel...

7.8CVSS6.2AI score0.0017EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.11 views

PT-2026-51104

Name of the Vulnerable Software and Affected Versions @tinacms/app versions prior to 2.5.6 tinacms versions prior to 3.9.3 Description Cross-origin postMessage handlers allow for stored XSS and session takeover. The software registers window message listeners—specifically the useTina overlay...

8.5CVSS5.8AI score0.00196EPSS
Exploits0References6
Snyk
Snyk
added 2026/06/18 1:7 p.m.3 views

Cross-site Scripting (XSS)

Overview tinacms is a headless content management system with support for Markdown, MDX, JSON, YAML, and more. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the url field in Slate link or image nodes during rich-text rendering and parsing. An attacker can execut...

5.4CVSS5.9AI score0.00239EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/18 1:7 p.m.6 views

TinaCMS rich-text (slatejson) rendering does not sanitize link/image URLs, allowing stored XSS via dangerous URL schemes

TinaCMS rich-text parsing and the default link/image renderers did not sanitize the url field on Slate link/image nodes. Content containing javascript: or data:text/html URLs — including case-variant, whitespace-padded, and control-character-obfuscated forms — is rendered into href/src and execut...

4.8CVSS5.2AI score0.00239EPSS
Exploits0References3Affected Software2
Circl
Circl
added 2026/06/09 12:22 a.m.3 views

CVE-2026-54074

creationtimestamp| type| source ---|---|--- 2026-06-09 00:22:22+00:00| published-proof-of-concept| https://github.com/tinacms/tinacms/security/advisories/GHSA-4936-9hrh-qqpw 2026-07-02 12:50:34+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpo32jomd72u...

7.8CVSS5.7AI score0.0017EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/01 3:54 p.m.17 views

CVE-2026-33949 @tinacms/graphql has Path Traversal that leads to overwrite of arbitrary files

Tina is a headless content management system. Prior to version 2.2.2, a path traversal vulnerability in @tinacms/graphql allows unauthenticated users to write and overwrite arbitrary files within the project root. This is achieved by manipulating the relativePath parameter in GraphQL mutations. T...

8.1CVSS0.00386EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/01 3:54 p.m.4 views

EUVD-2026-17961

Tina is a headless content management system. Prior to version 2.2.2, a path traversal vulnerability in @tinacms/graphql allows unauthenticated users to write and overwrite arbitrary files within the project root. This is achieved by manipulating the relativePath parameter in GraphQL mutations. T...

8.1CVSS6AI score0.00386EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/01 3:54 p.m.6 views

CVE-2026-33949

Tina is a headless content management system. Prior to version 2.2.2, a path traversal vulnerability in @tinacms/graphql allows unauthenticated users to write and overwrite arbitrary files within the project root. This is achieved by manipulating the relativePath parameter in GraphQL mutations. T...

8.1CVSS6AI score0.00386EPSS
Exploits0References2Affected Software1
vulnersOsv
vulnersOsv
added 2026/04/01 12:25 a.m.8 views

@tinacms/app (>=0.0.0-0a1049d-20260309051347 <=2.4.0), @tinacms/cli (>=0.0.0-0a1049d-20260309051347 <=2.2.0) +4 more potentially affected by CVE-2026-34604 via @tinacms/graphql (>=2.0.0 <=2.2.1)

@tinacms/graphql NPM version =2.0.0, =0.0.0-0a1049d-20260309051347, =0.0.0-0a1049d-20260309051347, =2.0.0, =0.0.0-0b7103c-20251216023146, =0.0.0-0a1049d-20260309051347, =0.0.0-0a1049d-20260309051347, =3.7.0 Source cves: CVE-2026-34604 Source advisory: SNYK:JS-TINACMSGRAPHQL-15870926...

8.8CVSS5.8AI score0.00372EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/04/01 12:25 a.m.7 views

@tinacms/graphql's `FilesystemBridge` Path Validation Can Be Bypassed via Symlinks or Junctions

Summary @tinacms/graphql uses string-based path containment checks in FilesystemBridge: - path.resolvepath.joinbaseDir, filepath - startsWithresolvedBase + path.sep That blocks plain ../ traversal, but it does not resolve symlink or junction targets. If a symlink/junction already exists under the...

8.8CVSS5.9AI score0.00372EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder