Lucene search
K

5 matches found

CVE
CVE
added 2026/04/10 7:39 p.m.15 views

CVE-2026-40184

CVE-2026-40184 affects the TREK travel planner. Prior to version 2.7.2, TREK served uploaded photos without requiring authentication, exposing private assets. The issue is fixed in TREK 2.7.2. Connected sources consistently describe unauthenticated access to uploaded files as the root cause and c...

5.3CVSS5.8AI score0.00235EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/10 7:39 p.m.3 views

CVE-2026-40184

TREK is a collaborative travel planner. Prior to 2.7.2, TREK served uploaded photos without requiring authentication. This vulnerability is fixed in 2.7.2...

3.7CVSS5.8AI score0.00235EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.6 views

PT-2026-25071

Summary A command injection vulnerability exists in Deno's node:child process polyfill shell: true mode that bypasses the fix for CVE-2026-27190 GHSA-hmh4-3xvx-q5hr. An attacker who controls arguments passed to spawnSync or spawn with shell: true can execute arbitrary OS commands, bypassing Deno'...

9.8CVSS6.1AI score0.02213EPSS
Exploits2References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-1836

Malware in sbrugna...

7.5CVSS8.1AI score0.03463EPSS
Exploits0References5
NVD
NVD
added 2025/09/16 10:15 a.m.7 views

CVE-2025-10015

The Sparkle framework includes an XPC service Downloader.xpc, by default this service is private to the application its bundled with. A local unprivileged attacker can register this XPC service globally which will inherit TCC permissions of the application. Lack of validation of connecting client...

4.8CVSS0.00129EPSS
Exploits0References3
Rows per page
Query Builder