CVE-2026-42279

solidtime is an open-source time-tracking app. In version 0.12.0, the PUT /api/v1/organizations/organization/time-entries/timeEntry API accepts a route-bound timeEntry from another organization when the caller has time-entries:update:all in the URL organization, allowing a known foreign time-entr...

CVE-2026-42279

solidtime is an open-source time-tracking app. In version 0.12.0, the PUT /api/v1/organizations/organization/time-entries/timeEntry API accepts a route-bound timeEntry from another organization when the caller has time-entries:update:all in the URL organization, allowing a known foreign time-entr...

CVE-2026-42279

Solidtime is an open-source time-tracking app. In version 0.12.0, the PUT /api/v1/organizations/{organization}/time-entries/{timeEntry} endpoint accepts a route-bound timeEntry UUID from another organization when the caller has time-entries:update:all in the URL organization, allowing a known for...

CVE-2026-42279 solidtime: Time entry update endpoint allows cross-organization modification of a known time-entry UUID

solidtime is an open-source time-tracking app. In version 0.12.0, the PUT /api/v1/organizations/organization/time-entries/timeEntry API accepts a route-bound timeEntry from another organization when the caller has time-entries:update:all in the URL organization, allowing a known foreign time-entr...

EUVD-2026-28527

solidtime is an open-source time-tracking app. In version 0.12.0, the PUT /api/v1/organizations/organization/time-entries/timeEntry API accepts a route-bound timeEntry from another organization when the caller has time-entries:update:all in the URL organization, allowing a known foreign time-entr...

CVE-2026-21695

Titra is open source project time tracking software. In versions 0.99.49 and below, an API has a Mass Assignment vulnerability which allows authenticated users to inject arbitrary fields into time entries, bypassing business logic controls via the customfields parameter. The affected endpoint use...

CVE-2026-21695

Titra is open source project time tracking software. In versions 0.99.49 and below, an API has a Mass Assignment vulnerability which allows authenticated users to inject arbitrary fields into time entries, bypassing business logic controls via the customfields parameter. The affected endpoint use...

titra 访问控制错误漏洞

titra is a time tracking project from kromit open source. An access control error vulnerability exists in titra version 0.99.49 and earlier, which stems from improper access control and could lead to a user viewing and editing time entries in unauthorized private projects...

CVE-2026-21695 Titra API Contains Mass Assignment Vulnerability

Titra is open source project time tracking software. In versions 0.99.49 and below, an API has a Mass Assignment vulnerability which allows authenticated users to inject arbitrary fields into time entries, bypassing business logic controls via the customfields parameter. The affected endpoint use...

CVE-2026-21694 Titra APIs have Improper Access Control

Titra is open source project time tracking software. Versions 0.99.49 and below have Improper Access Control, allowing users to view and edit other users' time entries in private projects they have not been granted access to. This issue is fixed in version 0.99.50...

CVE-2026-21694 Titra APIs have Improper Access Control

Titra is open source project time tracking software. Versions 0.99.49 and below have Improper Access Control, allowing users to view and edit other users' time entries in private projects they have not been granted access to. This issue is fixed in version 0.99.50...

PT-2026-2091

Name of the Vulnerable Software and Affected Versions Titra versions 0.99.49 and below Description Titra is open source project time tracking software. Versions 0.99.49 and below have an Improper Access Control issue, allowing users to view and edit other users' time entries in private projects...

Linux Distros Unpatched Vulnerability : CVE-2020-36308

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries...

BIT-REDMINE-2020-36308

Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries...

Information Disclosure

Redmine is vulnerable to information disclosure. The vulnerability exists due to the system exporting non-visible issues and time entries in CSV...

CVE-2020-36308

Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries...

Design/Logic Flaw

Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries...

UBUNTU-CVE-2020-36308

Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries...

Redmine 注入漏洞

Redmine is a set of open source Web-based project management and defect tracking tools . The product provides project management , issue tracking and role-based access control and other features . A security vulnerability exists in Redmine versions prior to 4.0.7 and versions prior to 4.1.1.1 in...