6 matches found
CVE-2026-42092 Global Settings Publication Exposes Sensitive Configuration to Any Authenticated User in Titra
titra is an open source time tracking project. In version 0.99.52, the globalsettings Meteor publication returns all global settings without any admin or role check. Any authenticated user can subscribe via DDP and receive sensitive configuration fields such as googlesecret, openaiapikey, and...
EUVD-2026-27069
titra is an open source time tracking project. In version 0.99.52, the globalsettings Meteor publication returns all global settings without any admin or role check. Any authenticated user can subscribe via DDP and receive sensitive configuration fields such as googlesecret, openaiapikey, and...
CVE-2026-42092 Global Settings Publication Exposes Sensitive Configuration to Any Authenticated User in Titra
titra is an open source time tracking project. In version 0.99.52, the globalsettings Meteor publication returns all global settings without any admin or role check. Any authenticated user can subscribe via DDP and receive sensitive configuration fields such as googlesecret, openaiapikey, and...
titra 信息泄露漏洞
Titra is a time tracking project developed by Kromit. Version 0.99.52 of Titra contains an information leakage vulnerability. This vulnerability stems from the Meteor framework’s behavior, which returns all global settings without any checks for administrator or role permissions. As a result, any...
CVE-2026-1927
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the greenshiftapppassvalidation function in all versions up to, and including, 12.6. This makes it possible for authenticated attackers, with...
CVE-2026-1927
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the greenshiftapppassvalidation function in all versions up to, and including, 12.6. This makes it possible for authenticated attackers, with...