VYPR

Trek

by Mauriceboe

Source repositories

CVEs (3)

  • CVE-2026-40185HigApr 10, 2026
    risk 0.39cvss 7.1epss 0.00

    TREK is a collaborative travel planner. Prior to 2.7.2, TREK was missing authorization checks on the Immich trip photo management routes. This vulnerability is fixed in 2.7.2.

  • CVE-2026-45410MedMay 28, 2026
    risk 0.27cvss 5.3epss 0.00

    TREK is a collaborative travel planner. Prior to 3.0.18, early return on missing user during login flow allowed an attacker to enumerate valid user accounts via response timing discrepancy. When an email address existed in the database, the backend performed a bcrypt password…

  • CVE-2026-40184LowApr 10, 2026
    risk 0.17cvss 3.7epss 0.00

    TREK is a collaborative travel planner. Prior to 2.7.2, TREK served uploaded photos without requiring authentication. This vulnerability is fixed in 2.7.2.