Lucene search
K

169 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/06 10:10 p.m.4 views

CVE-2026-25764

OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an HTML injection vulnerability occurs in the time tracking function of OpenProject. The application does not escape HTML tags, an attacker with administrator privileges can create a work...

3.5CVSS5.4AI score0.00241EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/02/06 10:10 p.m.15 views

CVE-2026-25764

OpenProject suffers a stored HTML injection in the time-tracking workflow prior to 16.6.7 and 17.0.3. The HTML is not escaped in the work package name, allowing an attacker with administrator privileges to inject HTML into the name when creating time-tracking entries, potentially affecting the Wo...

3.5CVSS5.4AI score0.00241EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/02/06 10:10 p.m.6 views

CVE-2026-25764 OpenProject vulnerable to Stored HTML injection

OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an HTML injection vulnerability occurs in the time tracking function of OpenProject. The application does not escape HTML tags, an attacker with administrator privileges can create a work...

3.5CVSS5.4AI score0.00241EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.9 views

OpenProject 安全漏洞

OpenProject is an open-source web-based project management software. Versions of OpenProject prior to 16.6.7 and 17.0.3 had security vulnerabilities. These vulnerabilities stemmed from HTML injection in the time tracking feature, which could lead to cross-site scripting attacks...

3.5CVSS5.6AI score0.00241EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.16 views

PT-2026-6806

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 16.6.7 OpenProject versions prior to 17.0.3 Description OpenProject is a web-based project management software. A flaw exists in the time tracking function where the application fails to properly handle HTML tags...

3.5CVSS5.7AI score0.00241EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/01/09 9:21 a.m.10 views

CVE-2021-41156

anuko/timetracker is an, open source time tracking system. In affected versions Time Tracker uses browsertoday hidden control on a few pages to collect the today's date from user browsers. Because of not checking this parameter for sanity in versions prior to 1.19.30.5601, it was possible to craf...

6.8CVSS7AI score0.00478EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:10 a.m.5 views

CVE-2026-21695

Titra is open source project time tracking software. In versions 0.99.49 and below, an API has a Mass Assignment vulnerability which allows authenticated users to inject arbitrary fields into time entries, bypassing business logic controls via the customfields parameter. The affected endpoint use...

4.3CVSS6.7AI score0.00244EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/01/08 12:0 a.m.5 views

titra 安全漏洞

titra is an open source time tracking project by kromit. A security vulnerability exists in titra 0.99.49 and earlier versions , the vulnerability stems from a bulk assignment vulnerability in the API that allows authenticated users to bypass business logic controls by injecting arbitrary fields...

4.3CVSS6.6AI score0.00244EPSS
Exploits1References2
CVE
CVE
added 2026/01/07 11:19 p.m.17 views

CVE-2026-21695

CVE-2026-21695 affects the open source time tracking software Titra. In versions ≤ 0.99.49, the API suffers a Mass Assignment vulnerability: the endpoint merges user-supplied input via the JavaScript spread operator into the database document (customfields), without validating which keys are perm...

4.3CVSS6.4AI score0.00244EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/01/07 11:10 p.m.17 views

CVE-2026-21694

Titra (open‑source time tracking) has an Improper Access Control in versions 0.99.49 and earlier, enabling users to view/edit other users’ time entries in private projects. The issue affects the Titra APIs and is fixed in version 0.99.50. No exploitation details are provided in the sources; advis...

8.1CVSS6.3AI score0.00244EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/01/07 11:10 p.m.47 views

CVE-2026-21694 Titra APIs have Improper Access Control

Titra is open source project time tracking software. Versions 0.99.49 and below have Improper Access Control, allowing users to view and edit other users' time entries in private projects they have not been granted access to. This issue is fixed in version 0.99.50...

6.8CVSS0.00244EPSS
Exploits1References2
OSV
OSV
added 2026/01/07 11:10 p.m.4 views

CVE-2026-21694 Titra APIs have Improper Access Control

Titra is open source project time tracking software. Versions 0.99.49 and below have Improper Access Control, allowing users to view and edit other users' time entries in private projects they have not been granted access to. This issue is fixed in version 0.99.50...

6.8CVSS6.5AI score0.00244EPSS
Exploits1References4
NVD
NVD
added 2025/12/31 10:15 p.m.6 views

CVE-2025-69288

Titra is open source project time tracking software. Prior to version 0.99.49, Titra allows any authenticated Admin user to modify the timeEntryRule in the database. The value is then passed to a NodeVM value to execute as code. Without sanitization, it leads to a Remote Code Execution. Version...

9.1CVSS0.00731EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/12/19 12:0 a.m.6 views

kimai 安全漏洞

kimai is a web-based multi-user time tracking application by the individual developer of kimai. A security vulnerability exists in kimai version 1.30.10, which stems from an improper implementation of the SameSite cookie and could lead to session hijacking...

9.8CVSS6.5AI score0.00496EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/10/27 12:0 a.m.4 views

CVE-2025-60291

An issue was discovered in eTimeTrackLite Web thru 12.0 20250704. There is a permission control flaw that allows unauthorized attackers to access specific routes and modify database connection configurations...

6.4AI score0.00305EPSS
Exploits1References2
Packet Storm News
Packet Storm News
added 2025/10/22 12:0 a.m.5 views

Active Localization of Close-Range Adversarial Acoustic Sources for Underwater Data Center Surveillance

Underwater data infrastructures offer natural cooling and enhanced physical security compared to terrestrial facilities, but are susceptible to acoustic injection attacks that can disrupt data integrity and availability. This work presents a comprehensive surveillance framework for localizing and...

6.9AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2010-1234

Malware in sbrugna...

5CVSS6AI score0.01521EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2006-0696

Malware in sbrugna...

4.3CVSS6.4AI score0.01299EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.10 views

EUVD-2007-4522

Malware in sbrugna...

5CVSS6.1AI score0.01649EPSS
Exploits1References12
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2006-0697

Malware in sbrugna...

7.5CVSS6.4AI score0.01337EPSS
Exploits0References7
Rows per page
Query Builder