6841 matches found
CVE-2026-21694 Titra APIs have Improper Access Control
Titra is open source project time tracking software. Versions 0.99.49 and below have Improper Access Control, allowing users to view and edit other users' time entries in private projects they have not been granted access to. This issue is fixed in version 0.99.50...
CVE-2026-21694
Titra (open‑source time tracking) has an Improper Access Control in versions 0.99.49 and earlier, enabling users to view/edit other users’ time entries in private projects. The issue affects the Titra APIs and is fixed in version 0.99.50. No exploitation details are provided in the sources; advis...
CVE-1999-0575
A Windows NT system's user audit policy does not log an event success or failure, e.g. for Logon and Logoff, File and Object Access, Use of User Rights, User and Group Management, Security Policy Changes, Restart, Shutdown, and System, and Process Tracking...
CVE-1999-0805
Novell NetWare Transaction Tracking System (TTS) in Novell 4.11 and earlier allows remote attackers to cause a denial of service via a large number of requests...
CVE-2025-1908
An issue has been discovered in GitLab EE/CE that could allow an attacker to track users' browsing activities, potentially leading to full account take-over, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000402)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000402 advisory. The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto...
ALPRs are recording your daily drive (Lock and Code S06E26)
This week on the Lock and Code podcast … There's an entire surveillance network popping up across the United States that has likely already captured your information, all for the non-suspicion of driving a car. Automated License Plate Readers, or ALPRs, are AI-powered cameras that scan and store ...
Nextcloud: SVG filter primitives bypass remote image blocking, enabling email tracking without consent.
A vulnerability was discovered in the HTML sanitizer of the Roundcube webmail application. The sanitizer did not properly handle the SVG filter primitive, allowing external resources to be loaded even when the "Block remote images" setting was enabled. This vulnerability could be used to track...
CVE-2025-62118
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kcseopro AdWords Conversion Tracking Code (adwords-conversion-tracking-code) allows Stored XSS. This issue affects AdWords Conversion Tracking Code: from n/a through <= 1.0...
PT-2026-23804
A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count (nc) attribute. This vulnerability allows a remote attacker to capture a single valid...
PT-2026-27756
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel's netfilter module, specifically within the xt_CT component. The issue involves the handling of connection tracking templates and enqueued packets. When...
PT-2026-26130
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains an issue related to network packet scheduling. Specifically, the act_ct action was found to potentially cause a Use-After-Free (UAF) condition when interacting wi...
PT-2026-4480
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A race condition exists in the NFS daemon (nfsd) related to handling grace periods during server shutdown. Specifically, writing to the v4_end_grace structure can occur concurrently with...
CVE-2025-69288
Titra is open source project time tracking software. Prior to version 0.99.49, Titra allows any authenticated Admin user to modify the timeEntryRule in the database. The value is then passed to a NodeVM value to execute as code. Without sanitization, it leads to a Remote Code Execution. Version...
CVE-2025-62118
CVE-2025-62118 affects the WordPress AdWords Conversion Tracking Code plugin (versions up to 1.0). The issue is a stored XSS caused by improper input neutralization during web page generation, exploitable when data is stored and later rendered. The Wordfence vulnerability report lists this entry ...
CVE-2025-62118 WordPress AdWords Conversion Tracking Code plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kcseopro AdWords Conversion Tracking Code (adwords-conversion-tracking-code) allows Stored XSS. This issue affects AdWords Conversion Tracking Code: from n/a through <= 1.0...
EUVD-2025-205970
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kcseopro AdWords Conversion Tracking Code allows Stored XSS. This issue affects AdWords Conversion Tracking Code: from n/a through 1.0...