26 matches found
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the tracked-time deletion process. An attacker can remove time tracking entries associated with issues they do not have permission to modify by specifying the time entry ID from anothe...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the tracked-time deletion process. An attacker can remove time tracking entries associated with issues they do not have permission to modify by specifying the time entry ID from anothe...
CVE-2026-25782
Gitea versions before 1.25.5 look up tracked-time entries by time ID without scoping the lookup to the issue in the request URL, allowing deletion attempts to target entries from another issue...
CVE-2026-25782
Summary: Gitea before 1.25.5 vulnerable to authorization bypass in tracked-time deletion. The bug occurs when a time entry is looked up by time ID without scoping to the issue in the request URL, allowing deletion of time-tracking entries from other issues. Affected software: Gitea server (Go pro...
EUVD-2026-41626
Gitea versions before 1.25.5 look up tracked-time entries by time ID without scoping the lookup to the issue in the request URL, allowing deletion attempts to target entries from another issue...
EUVD-2026-41615
Gitea versions before 1.25.5 have insufficient permission checks when listing tracked time entries...
PT-2026-55588
Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.5 Description Insufficient permission checks occur when listing tracked time entries. Recommendations Update to version 1.25.5 or later...
CVE-2026-42279
solidtime is an open-source time-tracking app. In version 0.12.0, the PUT /api/v1/organizations/organization/time-entries/timeEntry API accepts a route-bound timeEntry from another organization when the caller has time-entries:update:all in the URL organization, allowing a known foreign time-entr...
CVE-2026-42279
solidtime is an open-source time-tracking app. In version 0.12.0, the PUT /api/v1/organizations/organization/time-entries/timeEntry API accepts a route-bound timeEntry from another organization when the caller has time-entries:update:all in the URL organization, allowing a known foreign time-entr...
EUVD-2026-28527
solidtime is an open-source time-tracking app. In version 0.12.0, the PUT /api/v1/organizations/organization/time-entries/timeEntry API accepts a route-bound timeEntry from another organization when the caller has time-entries:update:all in the URL organization, allowing a known foreign time-entr...
CVE-2026-42279 solidtime: Time entry update endpoint allows cross-organization modification of a known time-entry UUID
solidtime is an open-source time-tracking app. In version 0.12.0, the PUT /api/v1/organizations/organization/time-entries/timeEntry API accepts a route-bound timeEntry from another organization when the caller has time-entries:update:all in the URL organization, allowing a known foreign time-entr...
CVE-2026-42279
Solidtime is an open-source time-tracking app. In version 0.12.0, the PUT /api/v1/organizations/{organization}/time-entries/{timeEntry} endpoint accepts a route-bound timeEntry UUID from another organization when the caller has time-entries:update:all in the URL organization, allowing a known for...
CVE-2026-21695
Titra is open source project time tracking software. In versions 0.99.49 and below, an API has a Mass Assignment vulnerability which allows authenticated users to inject arbitrary fields into time entries, bypassing business logic controls via the customfields parameter. The affected endpoint use...
CVE-2026-21695
Titra is open source project time tracking software. In versions 0.99.49 and below, an API has a Mass Assignment vulnerability which allows authenticated users to inject arbitrary fields into time entries, bypassing business logic controls via the customfields parameter. The affected endpoint use...
titra 访问控制错误漏洞
titra is a time tracking project from kromit open source. An access control error vulnerability exists in titra version 0.99.49 and earlier, which stems from improper access control and could lead to a user viewing and editing time entries in unauthorized private projects...
CVE-2026-21695 Titra API Contains Mass Assignment Vulnerability
Titra is open source project time tracking software. In versions 0.99.49 and below, an API has a Mass Assignment vulnerability which allows authenticated users to inject arbitrary fields into time entries, bypassing business logic controls via the customfields parameter. The affected endpoint use...
CVE-2026-21694 Titra APIs have Improper Access Control
Titra is open source project time tracking software. Versions 0.99.49 and below have Improper Access Control, allowing users to view and edit other users' time entries in private projects they have not been granted access to. This issue is fixed in version 0.99.50...
CVE-2026-21694 Titra APIs have Improper Access Control
Titra is open source project time tracking software. Versions 0.99.49 and below have Improper Access Control, allowing users to view and edit other users' time entries in private projects they have not been granted access to. This issue is fixed in version 0.99.50...
PT-2026-2091
Name of the Vulnerable Software and Affected Versions Titra versions 0.99.49 and below Description Titra is open source project time tracking software. Versions 0.99.49 and below have an Improper Access Control issue, allowing users to view and edit other users' time entries in private projects...
Linux Distros Unpatched Vulnerability : CVE-2020-36308
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries...