CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

166 matches found

Positive Technologies•added 2026/02/06 12:0 a.m.•12 views

PT-2026-6806

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 16.6.7 OpenProject versions prior to 17.0.3 Description OpenProject is a web-based project management software. A flaw exists in the time tracking function where the application fails to properly handle HTML tags...

3.5CVSS5.7AI score0.00241EPSS

Exploits0References8

CNNVD•added 2026/02/06 12:0 a.m.•8 views

OpenProject 安全漏洞

OpenProject is an open-source web-based project management software. Versions of OpenProject prior to 16.6.7 and 17.0.3 had security vulnerabilities. These vulnerabilities stemmed from HTML injection in the time tracking feature, which could lead to cross-site scripting attacks...

3.5CVSS5.6AI score0.00241EPSS

Exploits0References4

RedhatCVE•added 2026/01/09 9:21 a.m.•10 views

CVE-2021-41156

anuko/timetracker is an, open source time tracking system. In affected versions Time Tracker uses browsertoday hidden control on a few pages to collect the today's date from user browsers. Because of not checking this parameter for sanity in versions prior to 1.19.30.5601, it was possible to craf...

6.8CVSS7AI score0.00478EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:10 a.m.•4 views

CVE-2026-21695

Titra is open source project time tracking software. In versions 0.99.49 and below, an API has a Mass Assignment vulnerability which allows authenticated users to inject arbitrary fields into time entries, bypassing business logic controls via the customfields parameter. The affected endpoint use...

4.3CVSS6.7AI score0.00244EPSS

Exploits1References1

CNNVD•added 2026/01/08 12:0 a.m.•3 views

titra 安全漏洞

titra is an open source time tracking project by kromit. A security vulnerability exists in titra 0.99.49 and earlier versions , the vulnerability stems from a bulk assignment vulnerability in the API that allows authenticated users to bypass business logic controls by injecting arbitrary fields...

4.3CVSS6.6AI score0.00244EPSS

Exploits1References2

CVE•added 2026/01/07 11:19 p.m.•15 views

CVE-2026-21695

CVE-2026-21695 affects the open source time tracking software Titra. In versions ≤ 0.99.49, the API suffers a Mass Assignment vulnerability: the endpoint merges user-supplied input via the JavaScript spread operator into the database document (customfields), without validating which keys are perm...

4.3CVSS6.4AI score0.00244EPSS

Exploits1References2Affected Software1

Cvelist•added 2026/01/07 11:10 p.m.•33 views

CVE-2026-21694 Titra APIs have Improper Access Control

Titra is open source project time tracking software. Versions 0.99.49 and below have Improper Access Control, allowing users to view and edit other users' time entries in private projects they have not been granted access to. This issue is fixed in version 0.99.50...

6.8CVSS0.00244EPSS

Exploits1References2

CVE•added 2026/01/07 11:10 p.m.•16 views

CVE-2026-21694

Titra (open‑source time tracking) has an Improper Access Control in versions 0.99.49 and earlier, enabling users to view/edit other users’ time entries in private projects. The issue affects the Titra APIs and is fixed in version 0.99.50. No exploitation details are provided in the sources; advis...

8.1CVSS6.3AI score0.00244EPSS

Exploits1References2Affected Software1

OSV•added 2026/01/07 11:10 p.m.•4 views

CVE-2026-21694 Titra APIs have Improper Access Control

6.8CVSS6.5AI score0.00244EPSS

Exploits1References4

NVD•added 2025/12/31 10:15 p.m.•4 views

CVE-2025-69288

Titra is open source project time tracking software. Prior to version 0.99.49, Titra allows any authenticated Admin user to modify the timeEntryRule in the database. The value is then passed to a NodeVM value to execute as code. Without sanitization, it leads to a Remote Code Execution. Version...

9.1CVSS0.00731EPSS

Exploits1References3

CNNVD•added 2025/12/19 12:0 a.m.•4 views

kimai 安全漏洞

kimai is a web-based multi-user time tracking application by the individual developer of kimai. A security vulnerability exists in kimai version 1.30.10, which stems from an improper implementation of the SameSite cookie and could lead to session hijacking...

9.8CVSS6.5AI score0.00496EPSS

Exploits1References4

Vulnrichment•added 2025/10/27 12:0 a.m.•3 views

CVE-2025-60291

An issue was discovered in eTimeTrackLite Web thru 12.0 20250704. There is a permission control flaw that allows unauthorized attackers to access specific routes and modify database connection configurations...

6.4AI score0.00305EPSS

Exploits1References2

Packet Storm News•added 2025/10/22 12:0 a.m.•3 views

Active Localization of Close-Range Adversarial Acoustic Sources for Underwater Data Center Surveillance

Underwater data infrastructures offer natural cooling and enhanced physical security compared to terrestrial facilities, but are susceptible to acoustic injection attacks that can disrupt data integrity and availability. This work presents a comprehensive surveillance framework for localizing and...

6.9AI score

Exploits0