Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total2
Critical0
High0
Medium2
Reset
Showing 1-2 of 2 records
Threat Entry Updated 2026-01-12

CVE-2026-21694 - Titra Plugin

Titra is open source project time tracking software. Versions 0.99.49 and below have Improper Access Control, allowing users to view and edit other users' time entries in private projects they have not been granted access to. This issue is fixed in version 0.99.50.

PLUGIN Titra

CVE-2026-21694

MEDIUM CVSS 6.8 2026-01-08
Open Full Technical Breakdown
Threat Entry Updated 2026-01-12

CVE-2026-21695 - Titra Plugin

Titra is open source project time tracking software. In versions 0.99.49 and below, an API has a Mass Assignment vulnerability which allows authenticated users to inject arbitrary fields into time entries, bypassing business logic controls via the customfields parameter. The affected endpoint uses the JavaScript spread operator (...customfields) to merge user-controlled input directly into the database document. While customfields is validated as an Object type, there is no validation of which keys are permitted inside that object. This allows attackers to overwrite protected fields such as userId, hours, and state.…

PLUGIN Titra

CVE-2026-21695

MEDIUM CVSS 4.3 2026-01-08
Open Full Technical Breakdown
Scroll to top