Lucene search
K

26 matches found

Snyk
Snyk
added 2026/07/03 10:19 p.m.7 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the tracked-time deletion process. An attacker can remove time tracking entries associated with issues they do not have permission to modify by specifying the time entry ID from anothe...

7.1CVSS6AI score0.00286EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.6 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the tracked-time deletion process. An attacker can remove time tracking entries associated with issues they do not have permission to modify by specifying the time entry ID from anothe...

7.1CVSS6AI score0.00286EPSS
Exploits0References2
NVD
NVD
added 2026/07/03 9:16 p.m.7 views

CVE-2026-25782

Gitea versions before 1.25.5 look up tracked-time entries by time ID without scoping the lookup to the issue in the request URL, allowing deletion attempts to target entries from another issue...

5.3CVSS0.00286EPSS
Exploits0References4
CVE
CVE
added 2026/07/03 8:19 p.m.10 views

CVE-2026-25782

Summary: Gitea before 1.25.5 vulnerable to authorization bypass in tracked-time deletion. The bug occurs when a time entry is looked up by time ID without scoping to the issue in the request URL, allowing deletion of time-tracking entries from other issues. Affected software: Gitea server (Go pro...

5.3CVSS5.9AI score0.00286EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/03 8:19 p.m.6 views

EUVD-2026-41626

Gitea versions before 1.25.5 look up tracked-time entries by time ID without scoping the lookup to the issue in the request URL, allowing deletion attempts to target entries from another issue...

5.9AI score0.00286EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/03 8:19 p.m.7 views

EUVD-2026-41615

Gitea versions before 1.25.5 have insufficient permission checks when listing tracked time entries...

6AI score0.00286EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.16 views

PT-2026-55588

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.5 Description Insufficient permission checks occur when listing tracked time entries. Recommendations Update to version 1.25.5 or later...

5.3CVSS6.1AI score0.00286EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.10 views

CVE-2026-42279

solidtime is an open-source time-tracking app. In version 0.12.0, the PUT /api/v1/organizations/organization/time-entries/timeEntry API accepts a route-bound timeEntry from another organization when the caller has time-entries:update:all in the URL organization, allowing a known foreign time-entr...

5.8CVSS5.3AI score0.00266EPSS
Exploits1References1
NVD
NVD
added 2026/05/08 5:16 a.m.16 views

CVE-2026-42279

solidtime is an open-source time-tracking app. In version 0.12.0, the PUT /api/v1/organizations/organization/time-entries/timeEntry API accepts a route-bound timeEntry from another organization when the caller has time-entries:update:all in the URL organization, allowing a known foreign time-entr...

5.8CVSS0.00266EPSS
Exploits1References3
EUVD
EUVD
added 2026/05/08 3:57 a.m.13 views

EUVD-2026-28527

solidtime is an open-source time-tracking app. In version 0.12.0, the PUT /api/v1/organizations/organization/time-entries/timeEntry API accepts a route-bound timeEntry from another organization when the caller has time-entries:update:all in the URL organization, allowing a known foreign time-entr...

5.8CVSS5.7AI score0.00266EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/05/08 3:57 a.m.10 views

CVE-2026-42279 solidtime: Time entry update endpoint allows cross-organization modification of a known time-entry UUID

solidtime is an open-source time-tracking app. In version 0.12.0, the PUT /api/v1/organizations/organization/time-entries/timeEntry API accepts a route-bound timeEntry from another organization when the caller has time-entries:update:all in the URL organization, allowing a known foreign time-entr...

5.8CVSS5.7AI score0.00266EPSS
Exploits1References3
CVE
CVE
added 2026/05/08 3:57 a.m.16 views

CVE-2026-42279

Solidtime is an open-source time-tracking app. In version 0.12.0, the PUT /api/v1/organizations/{organization}/time-entries/{timeEntry} endpoint accepts a route-bound timeEntry UUID from another organization when the caller has time-entries:update:all in the URL organization, allowing a known for...

5.8CVSS5.7AI score0.00266EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 9:10 a.m.5 views

CVE-2026-21695

Titra is open source project time tracking software. In versions 0.99.49 and below, an API has a Mass Assignment vulnerability which allows authenticated users to inject arbitrary fields into time entries, bypassing business logic controls via the customfields parameter. The affected endpoint use...

4.3CVSS6.7AI score0.00244EPSS
Exploits1References1
NVD
NVD
added 2026/01/08 12:15 a.m.12 views

CVE-2026-21695

Titra is open source project time tracking software. In versions 0.99.49 and below, an API has a Mass Assignment vulnerability which allows authenticated users to inject arbitrary fields into time entries, bypassing business logic controls via the customfields parameter. The affected endpoint use...

4.3CVSS0.00244EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/01/08 12:0 a.m.12 views

titra 访问控制错误漏洞

titra is a time tracking project from kromit open source. An access control error vulnerability exists in titra version 0.99.49 and earlier, which stems from improper access control and could lead to a user viewing and editing time entries in unauthorized private projects...

8.1CVSS6.3AI score0.00244EPSS
Exploits1References2
OSV
OSV
added 2026/01/07 11:19 p.m.7 views

CVE-2026-21695 Titra API Contains Mass Assignment Vulnerability

Titra is open source project time tracking software. In versions 0.99.49 and below, an API has a Mass Assignment vulnerability which allows authenticated users to inject arbitrary fields into time entries, bypassing business logic controls via the customfields parameter. The affected endpoint use...

4.3CVSS6.6AI score0.00244EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/01/07 11:10 p.m.2 views

CVE-2026-21694 Titra APIs have Improper Access Control

Titra is open source project time tracking software. Versions 0.99.49 and below have Improper Access Control, allowing users to view and edit other users' time entries in private projects they have not been granted access to. This issue is fixed in version 0.99.50...

6.8CVSS6.3AI score0.00244EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/01/07 11:10 p.m.47 views

CVE-2026-21694 Titra APIs have Improper Access Control

Titra is open source project time tracking software. Versions 0.99.49 and below have Improper Access Control, allowing users to view and edit other users' time entries in private projects they have not been granted access to. This issue is fixed in version 0.99.50...

6.8CVSS0.00244EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.12 views

PT-2026-2091

Name of the Vulnerable Software and Affected Versions Titra versions 0.99.49 and below Description Titra is open source project time tracking software. Versions 0.99.49 and below have an Improper Access Control issue, allowing users to view and edit other users' time entries in private projects...

8.1CVSS6.6AI score0.00244EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2020-36308

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries...

5.3CVSS6.2AI score0.00971EPSS
Exploits0References2
Rows per page
Query Builder