5 matches found
CVE-2026-40184
CVE-2026-40184 affects the TREK travel planner. Prior to version 2.7.2, TREK served uploaded photos without requiring authentication, exposing private assets. The issue is fixed in TREK 2.7.2. Connected sources consistently describe unauthenticated access to uploaded files as the root cause and c...
CVE-2026-40184
TREK is a collaborative travel planner. Prior to 2.7.2, TREK served uploaded photos without requiring authentication. This vulnerability is fixed in 2.7.2...
PT-2026-25071
Summary A command injection vulnerability exists in Deno's node:child process polyfill shell: true mode that bypasses the fix for CVE-2026-27190 GHSA-hmh4-3xvx-q5hr. An attacker who controls arguments passed to spawnSync or spawn with shell: true can execute arbitrary OS commands, bypassing Deno'...
EUVD-2018-1836
Malware in sbrugna...
CVE-2025-10015
The Sparkle framework includes an XPC service Downloader.xpc, by default this service is private to the application its bundled with. A local unprivileged attacker can register this XPC service globally which will inherit TCC permissions of the application. Lack of validation of connecting client...