VYPR
Vendor

Titraio

Products
1
CVEs
4
Across products
4
Status
Private

Products

1

Recent CVEs

4
  • CVE-2026-42092MedMay 4, 2026
    risk 0.42cvss 6.5epss 0.00

    titra is an open source time tracking project. In version 0.99.52, the globalsettings Meteor publication returns all global settings without any admin or role check. Any authenticated user can subscribe via DDP and receive sensitive configuration fields such as google_secret,…

  • CVE-2026-21695Jan 7, 2026
    risk 0.00cvss epss 0.00

    Titra is open source project time tracking software. In versions 0.99.49 and below, an API has a Mass Assignment vulnerability which allows authenticated users to inject arbitrary fields into time entries, bypassing business logic controls via the customfields parameter. The…

  • CVE-2026-21694Jan 7, 2026
    risk 0.00cvss epss 0.00

    Titra is open source project time tracking software. Versions 0.99.49 and below have Improper Access Control, allowing users to view and edit other users' time entries in private projects they have not been granted access to. This issue is fixed in version 0.99.50.

  • CVE-2025-69288Dec 31, 2025
    risk 0.00cvss epss 0.01

    Titra is open source project time tracking software. Prior to version 0.99.49, Titra allows any authenticated Admin user to modify the timeEntryRule in the database. The value is then passed to a NodeVM value to execute as code. Without sanitization, it leads to a Remote Code…