Lucene search
K

6 matches found

Cvelist
Cvelist
added 2026/05/04 5:30 p.m.36 views

CVE-2026-42092 Global Settings Publication Exposes Sensitive Configuration to Any Authenticated User in Titra

titra is an open source time tracking project. In version 0.99.52, the globalsettings Meteor publication returns all global settings without any admin or role check. Any authenticated user can subscribe via DDP and receive sensitive configuration fields such as googlesecret, openaiapikey, and...

6.5CVSS0.00219EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/04 5:30 p.m.13 views

EUVD-2026-27069

titra is an open source time tracking project. In version 0.99.52, the globalsettings Meteor publication returns all global settings without any admin or role check. Any authenticated user can subscribe via DDP and receive sensitive configuration fields such as googlesecret, openaiapikey, and...

6.5CVSS5.8AI score0.00219EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/04 5:30 p.m.9 views

CVE-2026-42092 Global Settings Publication Exposes Sensitive Configuration to Any Authenticated User in Titra

titra is an open source time tracking project. In version 0.99.52, the globalsettings Meteor publication returns all global settings without any admin or role check. Any authenticated user can subscribe via DDP and receive sensitive configuration fields such as googlesecret, openaiapikey, and...

6.5CVSS5.8AI score0.00219EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.12 views

titra 信息泄露漏洞

Titra is a time tracking project developed by Kromit. Version 0.99.52 of Titra contains an information leakage vulnerability. This vulnerability stems from the Meteor framework’s behavior, which returns all global settings without any checks for administrator or role permissions. As a result, any...

6.5CVSS5.8AI score0.00219EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/06 1:30 p.m.13 views

CVE-2026-1927

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the greenshiftapppassvalidation function in all versions up to, and including, 12.6. This makes it possible for authenticated attackers, with...

5.4CVSS6AI score0.00186EPSS
Exploits0References1
NVD
NVD
added 2026/02/05 2:16 p.m.9 views

CVE-2026-1927

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the greenshiftapppassvalidation function in all versions up to, and including, 12.6. This makes it possible for authenticated attackers, with...

5.4CVSS0.00186EPSS
Exploits0References3
Rows per page
Query Builder