Lucene search
11 matches found

RedhatCVE
added 2026/01/09 9:10 a.m. · 1 view

CVE-2026-21695

Titra is open source project time tracking software. In versions 0.99.49 and below, an API has a Mass Assignment vulnerability which allows authenticated users to inject arbitrary fields into time entries, bypassing business logic controls via the customfields parameter. The affected endpoint use...

CVSS 4.3 · AI score 6.7 · EPSS 0.00087
Exploits: 1 · References: 1
NVD
added 2026/01/08 12:15 a.m. · 2 views

CVE-2026-21695

Titra is open source project time tracking software. In versions 0.99.49 and below, an API has a Mass Assignment vulnerability which allows authenticated users to inject arbitrary fields into time entries, bypassing business logic controls via the customfields parameter. The affected endpoint use...

CVSS 4.3 · EPSS 0.00087
Exploits: 1 · References: 2
CNNVD
added 2026/01/08 12:0 a.m. · 1 view

titra security vulnerability

titra is an open source time tracking project by kromit. A security vulnerability exists in titra 0.99.49 and earlier versions. The vulnerability stems from a bulk assignment vulnerability in the API that allows authenticated users to bypass business logic controls by injecting arbitrary fields...

CVSS 4.3 · AI score 6.6 · EPSS 0.00087
Exploits: 1 · References: 2
CVE
added 2026/01/07 11:19 p.m. · 7 views

CVE-2026-21695

CVE-2026-21695 affects the open source time tracking software Titra. In versions ≤ 0.99.49, the API suffers a Mass Assignment vulnerability: the endpoint merges user-supplied input via the JavaScript spread operator into the database document (customfields), without validating which keys are perm...

CVSS 4.3 · AI score 6.4 · EPSS 0.00087
Exploits: 1 · References: 2 · Affected Software: 1
Cvelist
added 2026/01/07 11:19 p.m. · 25 views

CVE-2026-21695 Titra API Contains Mass Assignment Vulnerability

Titra is open source project time tracking software. In versions 0.99.49 and below, an API has a Mass Assignment vulnerability which allows authenticated users to inject arbitrary fields into time entries, bypassing business logic controls via the customfields parameter. The affected endpoint use...

CVSS 4.3 · EPSS 0.00087
Exploits: 1 · References: 2
Positive Technologies
added 2024/04/30 12:0 a.m. · 2 views

PT-2024-25185 · Unknown · Fme Modules Customfields

Name of the Vulnerable Software and Affected Versions: FME Modules customfields versions 2.2.7 and before
Description: A Directory Traversal issue allows a remote attacker to obtain sensitive information via the "Custom Checkout Fields, Add Custom Fields to Checkout" parameter of the "ajax.php"...

CVSS 7.5 · AI score 6.9 · EPSS 0.00664
Exploits: 0 · References: 6
CNNVD
added 2024/04/30 12:0 a.m. · 2 views

PrestaShop security vulnerability

PrestaShop is an open source e-commerce solution from the American company PrestaShop. The solution provides multiple payment methods, short message alerts and product image scaling. A security vulnerability exists in PrestaShop customfields version v.2.2.7 and prior versions. An attacker can...

CVSS 7.5 · AI score 6.7 · EPSS 0.00664
Exploits: 0 · References: 3
OSV
added 2019/12/19 9:15 p.m. · 0 views

CVE-2019-17527

dataForDepandantField in models/custormfields.php in the JS JOBS FREE extension before 1.2.7 for Joomla! allows SQL Injection via the index.php?option=comjsjobs&task=customfields.getfieldtitlebyfieldandfieldfo child parameter...

CVSS 9.8 · AI score 7.4
Exploits: 0 · References: 1
Prion
added 2019/12/19 9:15 p.m. · 9 views

SQL injection

dataForDepandantField in models/custormfields.php in the JS JOBS FREE extension before 1.2.7 for Joomla! allows SQL Injection via the index.php?option=comjsjobs&task=customfields.getfieldtitlebyfieldandfieldfo child parameter...

CVSS 7.5 · AI score 9.8 · EPSS 0.00307
Exploits: 0 · References: 1 · Affected Software: 1
seebug.org
added 2012/12/24 12:0 a.m. · 21 views

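Joomla! Virtuemart 2 Multiple Customfields Filter module unspecified security vulnerability

Joomla! is an open source content management system (CMS). The Virtuemart 2 Multiple Customfields Filter module for Joomla! contains an unspecified security flaw; no detailed solution is currently available. Virtuemart 2 Multiple Customfields Filter 1.x module for Joomla! Vendor solution: Virtuemart 2 Multiple Customfields Filter 1.6.6 has fixed this vulnerability, and users are advised to download and use it: http://myext.eu/en/vmcustom-param-vip...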

AI score 7.1
Exploits: 0
Atlassian
added 2010/03/01 3:54 a.m. · 15 views

JQL breaks issue security levels based on custom fields

The MultiSelectCustomFieldIndexer does 2 things: (1) index but don't store a case-folded version in the field "customfield10017:retail"; (2) store a "raw" version in a new field with the raw added to the end "customfield10017raw:Retail". The problem is that com.atlassian.jira.security.type.GroupCF looks fo...

AI score 2.7
Exploits: 0 · Affected Software: 1