{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-10T06:37:51.359","vulnerabilities":[{"cve":{"id":"CVE-2026-21694","sourceIdentifier":"security-advisories@github.com","published":"2026-01-08T00:15:59.680","lastModified":"2026-01-12T18:44:36.047","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Titra is open source project time tracking software. Versions 0.99.49 and below have Improper Access Control, allowing users to view and edit other users' time entries in private projects they have not been granted access to. This issue is fixed in version 0.99.50."},{"lang":"es","value":"Titra es un software de seguimiento de tiempo de proyectos de código abierto. Las versiones 0.99.49 e inferiores tienen un Control de Acceso Inadecuado, permitiendo a los usuarios ver y editar las entradas de tiempo de otros usuarios en proyectos privados a los que no se les ha concedido acceso. Este problema se ha solucionado en la versión 0.99.50."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:kromit:titra:*:*:*:*:*:*:*:*","versionEndExcluding":"0.99.50","matchCriteriaId":"271EC7B1-5D87-473E-A67A-C9DCE59DA114"}]}]}],"references":[{"url":"https://github.com/kromitgmbh/titra/commit/29e6b88eca005107729e45a6f1731cf0fa5f8938","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/kromitgmbh/titra/security/advisories/GHSA-mr2r-wjf8-cj3c","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/kromitgmbh/titra/security/advisories/GHSA-mr2r-wjf8-cj3c","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}}]}