VYPR

Solidtime

by Solidtime Io

CVEs (3)

  • CVE-2026-42279 | Med | May 8, 2026
    risk 0.31 | cvss 5.8 | epss 0.00

    solidtime is an open-source time-tracking app. In version 0.12.0, the PUT /api/v1/organizations/{organization}/time-entries/{timeEntry} API accepts a route-bound timeEntry from another organization when the caller has time-entries:update:all in the URL organization, allowing a…

  • CVE-2026-47236 | Med | Jun 12, 2026
    risk 0.21 | cvss 4.3 | epss 0.00

    Solidtime is an open-source time-tracking app. Prior to version 0.12.2, Solidtime defines explicit invitations:view and members:view permissions that gate the official invitations and members API. The Jetstream web team page authorizes access with only belongsToTeam() and…

  • CVE-2026-33345 | Mar 24, 2026
    risk 0.00 | cvss | epss 0.00

    solidtime is an open-source time-tracking app. Prior to version 0.11.6, the project detail endpoint GET /api/v1/organizations/{org}/projects/{project} allows any authenticated Employee to access any project in the organization by UUID, including private projects they are not a…