215 matches found
CVE-2026-9497
A flaw has been found in changmingxie tcc-transaction up to 2.1.0. This issue affects the function Fastjson.parseObject of the component Fastjson AutoType REST API. This manipulation causes deserialization. It is possible to initiate the attack remotely. The vendor was contacted early about this...
CVE-2026-9497
A flaw has been found in changmingxie tcc-transaction up to 2.1.0. This issue affects the function Fastjson.parseObject of the component Fastjson AutoType REST API. This manipulation causes deserialization. It is possible to initiate the attack remotely. The vendor was contacted early about this...
CVE-2026-9497
A flaw has been found in changmingxie tcc-transaction up to 2.1.0. This issue affects the function Fastjson.parseObject of the component Fastjson AutoType REST API. This manipulation causes deserialization. It is possible to initiate the attack remotely. The vendor was contacted early about this...
CVE-2026-9497 changmingxie tcc-transaction Fastjson AutoType REST API Fastjson.parseObject deserialization
A flaw has been found in changmingxie tcc-transaction up to 2.1.0. This issue affects the function Fastjson.parseObject of the component Fastjson AutoType REST API. This manipulation causes deserialization. It is possible to initiate the attack remotely. The vendor was contacted early about this...
CVE-2026-9497
The CVE concerns changmingxie tcc-transaction (up to version 2.1.0) where the Fastjson AutoType REST API’s Fastjson.parseObject deserialization is exploitable. The issue enables remote deserialization manipulation, with a network-based attack path and low- to moderate-severity indicators across C...
CVE-2026-9497 changmingxie tcc-transaction Fastjson AutoType REST API Fastjson.parseObject deserialization
A flaw has been found in changmingxie tcc-transaction up to 2.1.0. This issue affects the function Fastjson.parseObject of the component Fastjson AutoType REST API. This manipulation causes deserialization. It is possible to initiate the attack remotely. The vendor was contacted early about this...
EUVD-2026-31730
A flaw has been found in changmingxie tcc-transaction up to 2.1.0. This issue affects the function Fastjson.parseObject of the component Fastjson AutoType REST API. This manipulation causes deserialization. It is possible to initiate the attack remotely. The vendor was contacted early about this...
PT-2026-43116
A flaw has been found in changmingxie tcc-transaction up to 2.1.0. This issue affects the function Fastjson.parseObject of the component Fastjson AutoType REST API. This manipulation causes deserialization. It is possible to initiate the attack remotely. The vendor was contacted early about this...
TCC-TRANSACTION 代码问题漏洞
TCC-TRANSACTION is a distributed transaction solution by the individual developer of changmingxie. TCC-TRANSACTION 2.1.0 and earlier versions have a code issue vulnerability that stems from the operation of the function Fastjson.parseObject in the Fastjson AutoType REST API component, which could...
CVE-2026-39309
Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Electron configuration is vulnerable to TCC Bypass via Prompt Spoofing, allowing local attackers to trigger misleading macOS permission...
CVE-2026-39309
CVE-2026-39309 affects Trilium Notes before v0.102.2. The Electron configuration allows a RunAsNode fuse to launch the app in a special Node.js mode (-e) that can execute arbitrary commands with Trilium’s permissions, enabling a local attacker to spoof macOS TCC prompts. An attacker could trigger...
EUVD-2026-31008
Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Electron configuration is vulnerable to TCC Bypass via Prompt Spoofing, allowing local attackers to trigger misleading macOS permission...
Linux Distros Unpatched Vulnerability : CVE-2025-15523
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MacOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent, and Control TCC permissions granted by the user to the main...
SUSE CVE-2025-15523
MacOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent, and Control TCC permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the...
CVE-2025-15523
The CVE-2025-15523 issue affects the MacOS version of Inkscape. A Python interpreter bundled with Inkscape inherits the app’s user-granted TCC permissions, enabling a local attacker to invoke the interpreter to run arbitrary commands or scripts and access files in privacy-protected folders withou...
CVE-2025-15523
MacOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent, and Control TCC permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the...
PT-2026-3942
MacOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent, and Control TCC permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the...
Inkscape security vulnerabilities
Inkscape is an open-source graphic editor. Versions of Inkscape prior to 1.4.3 have security vulnerabilities. This vulnerability stems from the Python interpreter bundled with Inkscape inheriting TCC permissions from the main application, which may allow local users to access files in...
CVE-2022-38497
LIEF commit 365a16a was discovered to contain a segmentation violation via the component CoreFile.tcc:69...
CVE-2025-1398
Mattermost Desktop App versions =5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control TCC via code injection...