Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

166 matches found

ATTACKERKB
ATTACKERKBadded last week4 views

CVE-2026-42070

Mantis Bug Tracker MantisBT is an open source issue tracker. Prior to 2.28.2, the mcissueupdate function in MantisBT allows users having updatebugthreshold access UPDATER, with default settings to edit, change view state, and modify time tracking on bugnotes belonging to other users — bypassing t...

5.3CVSS5.8AI score0.00043EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologiesadded 2026/05/11 12:0 a.m.6 views

PT-2026-39890

Name of the Vulnerable Software and Affected Versions Mantis Bug Tracker MantisBT versions prior to 2.28.2 Description The mc issue update function allows users with update bug threshold access UPDATER to edit, change the view state, and modify time tracking on bugnotes belonging to other users...

5.3CVSS5.8AI score0.00043EPSS
Exploits0References7
CNNVD
CNNVDadded 2026/05/08 12:0 a.m.2 views

kimai 安全漏洞

Kimai is a web-based, multi-user time tracking application developed by Kimai’s individual developers. Versions of Kimai from 2.27.0 to 2.54.0 contained security vulnerabilities. These vulnerabilities stemmed from the possibility for any ROLEUSER to create tags with formula strings as names using...

6.8CVSS5.8AI score0.00034EPSS
Exploits1References1
NVD
NVDadded 2026/05/04 6:16 p.m.3 views

CVE-2026-42092

titra is an open source time tracking project. In version 0.99.52, the globalsettings Meteor publication returns all global settings without any admin or role check. Any authenticated user can subscribe via DDP and receive sensitive configuration fields such as googlesecret, openaiapikey, and...

6.5CVSS0.00034EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/04 5:30 p.m.3 views

EUVD-2026-27069

titra is an open source time tracking project. In version 0.99.52, the globalsettings Meteor publication returns all global settings without any admin or role check. Any authenticated user can subscribe via DDP and receive sensitive configuration fields such as googlesecret, openaiapikey, and...

6.5CVSS5.8AI score0.00034EPSS
Exploits0References1
Packet Storm
Packet Stormadded 2026/04/30 12:0 a.m.116 views

📄 DeskTime Time Tracking App 1.3.671 Missing Certificate / Remote Code Execution

DeskTime Time Tracking App version 1.3.671 has an issue where due to missing TLS certificate validation, attackers, who can inject themselves into the network path between the client and the DeskTime update servers, can return a malicious executable in response to an update request and achieve...

4.8CVSS6.1AI score0.00041EPSS
Exploits2
RedhatCVE
RedhatCVEadded 2026/04/29 8:48 p.m.1 views

CVE-2025-10539

Due to improper TLS certificate validation in the DeskTime Time Tracking App before version 1.3.674, attackers who can position themselves in the network path between the client and the DeskTime update servers can return a malicious executable in response to an update request. This allows the...

4.8CVSS6.3AI score0.00041EPSS
Exploits2References1
CNNVD
CNNVDadded 2026/04/17 12:0 a.m.4 views

kimai 安全漏洞

Kimai is a web-based, multi-user time tracking application developed by Kimai’s individual developer. Versions of Kimai from 1.16.3 to 2.52.0 have security vulnerabilities. These vulnerabilities stem from incomplete escapeForHtml function escapes, which may lead to storage-side cross-site scripti...

5.4CVSS5.7AI score0.00012EPSS
Exploits1References2
EUVD
EUVDadded 2026/03/24 7:30 p.m.1 views

EUVD-2026-14996

solidtime is an open-source time-tracking app. Prior to version 0.11.6, the project detail endpoint GET /api/v1/organizations/org/projects/project allows any authenticated Employee to access any project in the organization by UUID, including private projects they are not a member of. The index...

6.5CVSS5.7AI score0.00016EPSS
Exploits1References3
Vulnrichment
Vulnrichmentadded 2026/03/24 7:30 p.m.0 views

CVE-2026-33345 solidtime vulnerable to IDOR in private projects

solidtime is an open-source time-tracking app. Prior to version 0.11.6, the project detail endpoint GET /api/v1/organizations/org/projects/project allows any authenticated Employee to access any project in the organization by UUID, including private projects they are not a member of. The index...

6.5CVSS5.7AI score0.00016EPSS
Exploits1References3
RedhatCVE
RedhatCVEadded 2026/03/07 7:59 a.m.1 views

CVE-2026-28685

Kimai is a web-based multi-user time-tracking application. Prior to version 2.51.0, "GET /api/invoices/id" only checks the role-based viewinvoice permission but does not verify the requesting user has access to the invoice's customer. Any user with ROLETEAMLEAD which grants viewinvoice can read a...

6.5CVSS5.7AI score0.00015EPSS
Exploits1References1
CVE
CVEadded 2026/03/06 4:49 a.m.6 views

CVE-2026-28685

CVE-2026-28685 : Kimai’s API endpoint GET /api/invoices/{id} lacked customer-level access control. Before v2.51.0, the API checked only the role-based view_invoice permission, allowing any user with the ROLE_TEAMLEAD to read invoices for any customer, breaking data isolation. The Red Hat/NVD/NVD-...

6.5CVSS5.8AI score0.00015EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVEadded 2026/02/08 1:21 a.m.2 views

CVE-2026-25764

OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an HTML injection vulnerability occurs in the time tracking function of OpenProject. The application does not escape HTML tags, an attacker with administrator privileges can create a work...

3.5CVSS5.4AI score0.00023EPSS
Exploits0References1
NVD
NVDadded 2026/02/06 10:16 p.m.4 views

CVE-2026-25764

OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an HTML injection vulnerability occurs in the time tracking function of OpenProject. The application does not escape HTML tags, an attacker with administrator privileges can create a work...

3.5CVSS0.00023EPSS
Exploits0References3
OSV
OSVadded 2026/02/06 10:10 p.m.2 views

CVE-2026-25764 OpenProject vulnerable to Stored HTML injection

OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an HTML injection vulnerability occurs in the time tracking function of OpenProject. The application does not escape HTML tags, an attacker with administrator privileges can create a work...

3.5CVSS5.4AI score0.00023EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/02/06 10:10 p.m.1 views

CVE-2026-25764 OpenProject vulnerable to Stored HTML injection

OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an HTML injection vulnerability occurs in the time tracking function of OpenProject. The application does not escape HTML tags, an attacker with administrator privileges can create a work...

3.5CVSS5.4AI score0.00023EPSS
Exploits0References3
EUVD
EUVDadded 2026/02/06 10:10 p.m.2 views

EUVD-2026-5557

OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an HTML injection vulnerability occurs in the time tracking function of OpenProject. The application does not escape HTML tags, an attacker with administrator privileges can create a work...

3.5CVSS5.4AI score0.00023EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/02/06 10:10 p.m.22 views

CVE-2026-25764 OpenProject vulnerable to Stored HTML injection

OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an HTML injection vulnerability occurs in the time tracking function of OpenProject. The application does not escape HTML tags, an attacker with administrator privileges can create a work...

3.5CVSS0.00023EPSS
Exploits0References3
CVE
CVEadded 2026/02/06 10:10 p.m.7 views

CVE-2026-25764

OpenProject suffers a stored HTML injection in the time-tracking workflow prior to 16.6.7 and 17.0.3. The HTML is not escaped in the work package name, allowing an attacker with administrator privileges to inject HTML into the name when creating time-tracking entries, potentially affecting the Wo...

3.5CVSS5.4AI score0.00023EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/02/06 10:10 p.m.2 views

CVE-2026-25764

OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an HTML injection vulnerability occurs in the time tracking function of OpenProject. The application does not escape HTML tags, an attacker with administrator privileges can create a work...

3.5CVSS5.4AI score0.00023EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder