Lucene search
+L

41 matches found

EUVD
EUVD
added 2025/12/31 9:55 p.m.4 views

EUVD-2025-206091

Titra is open source project time tracking software. Prior to version 0.99.49, Titra allows any authenticated Admin user to modify the timeEntryRule in the database. The value is then passed to a NodeVM value to execute as code. Without sanitization, it leads to a Remote Code Execution. Version...

9.1CVSS6.7AI score0.00731EPSS
Exploits1References3
OSV
OSV
added 2025/12/31 9:55 p.m.4 views

CVE-2025-69288 Titra has Remote Code Execution in Admin Functionality

Titra is open source project time tracking software. Prior to version 0.99.49, Titra allows any authenticated Admin user to modify the timeEntryRule in the database. The value is then passed to a NodeVM value to execute as code. Without sanitization, it leads to a Remote Code Execution. Version...

9.1CVSS7.2AI score0.00731EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/12/31 9:55 p.m.27 views

CVE-2025-69288 Titra has Remote Code Execution in Admin Functionality

Titra is open source project time tracking software. Prior to version 0.99.49, Titra allows any authenticated Admin user to modify the timeEntryRule in the database. The value is then passed to a NodeVM value to execute as code. Without sanitization, it leads to a Remote Code Execution. Version...

9.1CVSS0.00731EPSS
Exploits1References3
CVE
CVE
added 2025/12/31 9:55 p.m.21 views

CVE-2025-69288

CVE-2025-69288 affects Titra open source time-tracking software. Before version 0.99.49, an authenticated Admin can modify the timeEntryRule in the database, which is then passed to a NodeVM to execute as code, enabling Remote Code Execution. The issue is fixed in 0.99.49. Documents also referenc...

9.1CVSS6.8AI score0.00731EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/31 12:0 a.m.8 views

PT-2025-54470

Name of the Vulnerable Software and Affected Versions Titra versions prior to 0.99.49 Description Titra is open source project time tracking software. Prior to version 0.99.49, authenticated Admin users can modify the timeEntryRule value in the database. This value is then passed to a NodeVM valu...

9.1CVSS7.2AI score0.00731EPSS
Exploits1References11
CNNVD
CNNVD
added 2025/11/24 12:0 a.m.3 views

Eigenfocus 代码注入漏洞

Eigenfocus is a project management, planning software from Eigenfocus open source. A code injection vulnerability exists in Eigenfocus 1.4.0 and earlier versions, which stems from incorrect manipulation of the parameter entry.description/timeentry.description, and could lead to a cross-site...

5.1CVSS4.6AI score0.00216EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-7028

Malware in sbrugna...

7.5CVSS7.6AI score0.01624EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2017-15576

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information...

7.5CVSS7.5AI score0.01624EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:38 a.m.4 views

SUSE CVE-2017-15576

Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information...

7.5CVSS6.9AI score0.01624EPSS
Exploits0References3
OSV
OSV
added 2021/04/06 8:15 a.m.2 views

DEBIAN-CVE-2020-36308

Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries...

5.3CVSS5.6AI score0.00971EPSS
Exploits0References1
Prion
Prion
added 2017/10/18 2:29 a.m.10 views

Information disclosure

Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information...

5CVSS7.4AI score0.01624EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2017/10/18 2:29 a.m.19 views

CVE-2017-15576

Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information...

7.5CVSS7AI score
Exploits0References3
OSV
OSV
added 2017/10/18 2:29 a.m.3 views

UBUNTU-CVE-2017-15576

Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information...

7.5CVSS7.2AI score0.01624EPSS
Exploits0References4
NVD
NVD
added 2017/10/18 2:29 a.m.22 views

CVE-2017-15576

Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information...

7.5CVSS7.5AI score0.01624EPSS
Exploits0References3
OSV
OSV
added 2017/10/18 2:29 a.m.3 views

DEBIAN-CVE-2017-15576

Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information...

7.5CVSS8.7AI score0.01624EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2017/10/18 2:29 a.m.23 views

CVE-2017-15576

Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information...

7.5CVSS7.2AI score0.01624EPSS
Exploits0References4
Cvelist
Cvelist
added 2017/10/18 2:0 a.m.18 views

CVE-2017-15576

Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information...

7.9AI score0.01624EPSS
Exploits0References3
CVE
CVE
added 2017/10/18 2:0 a.m.76 views

CVE-2017-15576

CVE-2017-15576 affects Redmine before 3.2.6 and 3.3.x before 3.3.3. The issue arises from mishandling Time Entry rendering in activity views, enabling remote disclosure of sensitive information. The vulnerability is labeled as information disclosure with CVSSv3 base score 7.5 (NETWORK, LOW attack...

7.5CVSS7.8AI score0.01624EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2017/10/18 2:0 a.m.41 views

CVE-2017-15576

Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information...

7.5CVSS7.5AI score0.01624EPSS
Exploits0
Prion
Prion
added 2015/08/31 6:59 p.m.15 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Time Tracker module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a 1 note added to a time entry or an 2 activity used to categorize time tracker entri...

3.5CVSS5.6AI score0.01412EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder