
13 matches found

RedhatCVE
added 2026/01/09 9:9 a.m. | 2 views

CVE-2026-21694

Titra is open source project time tracking software. Versions 0.99.49 and below have Improper Access Control, allowing users to view and edit other users' time entries in private projects they have not been granted access to. This issue is fixed in version 0.99.50...

CVSS 6.8 | AI score 6.7 | EPSS 0.00028
Exploits: 1 | References: 1

CNNVD
added 2026/01/08 12:0 a.m. | 2 views

titra access control error vulnerability

titra is an open source time tracking project from kromit. An access control error vulnerability exists in titra version 0.99.49 and earlier. It stems from improper access control and could lead to a user viewing and editing time entries in unauthorized private projects...

CVSS 8.1 | AI score 6.3 | EPSS 0.00028
Exploits: 1 | References: 2

CVE
added 2026/01/07 11:19 p.m. | 9 views

CVE-2026-21695

CVE-2026-21695 affects the open source time tracking software Titra. In versions ≤ 0.99.49, the API suffers a Mass Assignment vulnerability: the endpoint merges user-supplied input via the JavaScript spread operator into the database document (customfields), without validating which keys are perm...

CVSS 4.3 | AI score 6.4 | EPSS 0.00169
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2026/01/07 11:10 p.m. | 8 views

CVE-2026-21694

Titra (open‑source time tracking) has an Improper Access Control in versions 0.99.49 and earlier, enabling users to view/edit other users’ time entries in private projects. The issue affects the Titra APIs and is fixed in version 0.99.50. No exploitation details are provided in the sources; advis...

CVSS 8.1 | AI score 6.3 | EPSS 0.00028
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2026/01/07 11:10 p.m. | 27 views

CVE-2026-21694 Titra APIs have Improper Access Control

Titra is open source project time tracking software. Versions 0.99.49 and below have Improper Access Control, allowing users to view and edit other users' time entries in private projects they have not been granted access to. This issue is fixed in version 0.99.50...

CVSS 6.8 | EPSS 0.00028
Exploits: 1 | References: 2

Positive Technologies
added 2026/01/07 12:0 a.m. | 3 views

PT-2026-2091

Name of the Vulnerable Software and Affected Versions: Titra versions 0.99.49 and below. Description: Titra is open source project time tracking software. Versions 0.99.49 and below have an Improper Access Control issue, allowing users to view and edit other users' time entries in private projects...

CVSS 8.1 | AI score 6.6 | EPSS 0.00028
Exploits: 1 | References: 6

Positive Technologies
added 2026/01/07 12:0 a.m. | 4 views

PT-2026-2092

Name of the Vulnerable Software and Affected Versions: Titra versions 0.99.49 and below. Description: Titra is open source project time tracking software. An API has a Mass Assignment issue that allows authenticated users to inject arbitrary fields into time entries, bypassing business logic control...

CVSS 4.3 | AI score 6.6 | EPSS 0.00169
Exploits: 1 | References: 6

RedhatCVE
added 2026/01/01 10:28 p.m. | 2 views

CVE-2025-69288

Titra is open source project time tracking software. Prior to version 0.99.49, Titra allows any authenticated Admin user to modify the timeEntryRule in the database. The value is then passed to a NodeVM value to execute as code. Without sanitization, it leads to a Remote Code Execution. Version...

CVSS 9.1 | AI score 7.2 | EPSS 0.00708
Exploits: 1 | References: 1

NVD
added 2025/12/31 10:15 p.m. | 2 views

CVE-2025-69288

Titra is open source project time tracking software. Prior to version 0.99.49, Titra allows any authenticated Admin user to modify the timeEntryRule in the database. The value is then passed to a NodeVM value to execute as code. Without sanitization, it leads to a Remote Code Execution. Version...

CVSS 9.1 | EPSS 0.00708
Exploits: 1 | References: 3

CVE
added 2025/12/31 9:55 p.m. | 15 views

CVE-2025-69288

CVE-2025-69288 affects Titra open source time-tracking software. Before version 0.99.49, an authenticated Admin can modify the timeEntryRule in the database, which is then passed to a NodeVM to execute as code, enabling Remote Code Execution. The issue is fixed in 0.99.49. Documents also referenc...

CVSS 9.1 | AI score 6.8 | EPSS 0.00708
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2025/12/31 9:55 p.m. | 2 views

CVE-2025-69288 Titra has Remote Code Execution in Admin Functionality

Titra is open source project time tracking software. Prior to version 0.99.49, Titra allows any authenticated Admin user to modify the timeEntryRule in the database. The value is then passed to a NodeVM value to execute as code. Without sanitization, it leads to a Remote Code Execution. Version...

CVSS 9.1 | AI score 7.2 | EPSS 0.00708
Exploits: 1 | References: 5

Positive Technologies
added 2025/12/31 12:0 a.m. | 2 views

PT-2025-54470

Name of the Vulnerable Software and Affected Versions: Titra versions prior to 0.99.49. Description: Titra is open source project time tracking software. Prior to version 0.99.49, authenticated Admin users can modify the timeEntryRule value in the database. This value is then passed to a NodeVM valu...

CVSS 9.1 | AI score 7.2 | EPSS 0.00708
Exploits: 1 | References: 11

CNNVD
added 2025/12/31 12:0 a.m. | 1 view

titra security vulnerability

titra is an open source time tracking project from kromit. A security vulnerability exists in versions prior to titra 0.99.49. It stems from the fact that an authenticated administrator user can modify the timeEntryRule value in the database and pass it to NodeVM for execution, potentially leading to remote...

CVSS 9.1 | AI score 6.2 | EPSS 0.00708
Exploits: 1 | References: 3