CVE-2025-65021 Rallly Has Unauthorized Poll Finalization via Insecure Direct Object Reference (IDOR)

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference IDOR vulnerability exists in the poll finalization feature of the application. Any authenticated user can finalize a poll they do not own by manipulating the pollId parameter in...

EUVD-2025-198223

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference IDOR vulnerability exists in the poll finalization feature of the application. Any authenticated user can finalize a poll they do not own by manipulating the pollId parameter in...

CVE-2025-65021 Rallly Has Unauthorized Poll Finalization via Insecure Direct Object Reference (IDOR)

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference IDOR vulnerability exists in the poll finalization feature of the application. Any authenticated user can finalize a poll they do not own by manipulating the pollId parameter in...

CVE-2025-65020 Rallly Has Unauthorized Poll Duplication via Insecure Direct Object Reference (IDOR)

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference IDOR vulnerability in the poll duplication endpoint /api/trpc/polls.duplicate allows any authenticated user to duplicate polls they do not own by modifying the pollId parameter...

EUVD-2025-198224

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference IDOR vulnerability in the poll duplication endpoint /api/trpc/polls.duplicate allows any authenticated user to duplicate polls they do not own by modifying the pollId parameter...

CVE-2025-65020

Rallly (open-source scheduling tool) has an IDOR in the poll duplication endpoint /api/trpc/polls.duplicate that allows any authenticated user to duplicate polls they do not own by modifying the pollId. Root cause: insecure direct object reference. Impact: bypasses access control and enables clon...

EUVD-2025-198225

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an insecure direct object reference IDOR vulnerability allows any authenticated user to modify other participants’ votes in polls without authorization. The backend relies solely on the participantId parameter to...

CVE-2025-65028

CVE-2025-65028 affects Rallly prior to 4.5.4. The vulnerability is an insecure direct object reference (IDOR) in the vote-update endpoint where the backend relies solely on the participantId parameter to identify votes, without verifying ownership or poll permissions. This allows any authenticate...

CVE-2025-65028 Rallly Has an IDOR Vulnerability in Vote Update Endpoint Allows Unauthorized Manipulation of Participant Votes

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an insecure direct object reference IDOR vulnerability allows any authenticated user to modify other participants’ votes in polls without authorization. The backend relies solely on the participantId parameter to...

CVE-2025-12766 Insecure Direct Object Reference (IDOR) vulnerability in the Management Console of affected versions of BlackBerry AtHoc.

An Insecure Direct Object Reference IDOR vulnerability in the Management Console of BlackBerry® AtHoc® OnPrem version 7.21 could allow an attacker to potentially gain unauthorized knowledge about other organizations hosted on the same Interactive Warning System IWS...

CVE-2025-12766 Insecure Direct Object Reference (IDOR) vulnerability in the Management Console of affected versions of BlackBerry AtHoc.

An Insecure Direct Object Reference IDOR vulnerability in the Management Console of BlackBerry® AtHoc® OnPrem version 7.21 could allow an attacker to potentially gain unauthorized knowledge about other organizations hosted on the same Interactive Warning System IWS...

CVE-2025-12766

CVE-2025-12766 is a vulnerability in the Management Console of BlackBerry AtHoc (OnPrem) v7.21 where an insecure direct object reference (IDOR) could allow an attacker to gain unauthorized knowledge about other organizations hosted on the same Interactive Warning System (IWS). Affected component:...

CVE-2025-12524

The Post Type Switcher plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 4.0.0 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to modify the post type...

CVE-2025-12427 YITH WooCommerce Wishlist <= 4.10.0 - Unauthenticated Insecure Direct Object Reference to Unauthenticated Wishlist Rename

The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.10.0 via the REST API endpoint and AJAX handler due to missing validation on user-controlled keys. This makes it possible for unauthenticated attackers to...

CVE-2025-12427

CVE-2025-12427 affects YITH WooCommerce Wishlist for WordPress (versions ≤ 4.10.0). The vulnerability is an Insecure Direct Object Reference via REST API/AJAX due to missing validation on user-controlled keys, allowing unauthenticated attackers to discover any user’s wishlist token ID and rename ...

CVE-2025-63513

kishan0725 Hospital Management System v4 has an Insecure Direct Object Reference IDOR vulnerability in the appointment cancellation functionality...

Rallly 安全漏洞

Rallly is a scheduling and collaboration tool from Luke Vella Individual Developer designed to make it easier to organize events and meetings. A security vulnerability exists in versions of Rallly prior to 4.5.4 that stems from an insecure direct object reference in the vote modification feature,...

Rallly 安全漏洞

Rallly is a scheduling and collaboration tool from Luke Vella Individual Developer designed to make it easier to organize events and meetings. A security vulnerability exists in Rallly versions prior to 4.5.4 that stems from an insecure direct object reference in the participant deletion feature,...

Rallly 安全漏洞

Rallly is a scheduling and collaboration tool from Luke Vella Individual Developer designed to make it easier to organize events and meetings. A security vulnerability exists in Rallly versions prior to 4.5.4 that stems from an insecure direct object reference in the Participant Display Name...

PT-2025-47509

Name of the Vulnerable Software and Affected Versions Rallly versions prior to 4.5.4 Description Rallly is a scheduling and collaboration tool. A security issue exists where an authenticated user can modify the display names of other participants in polls without authorization. This is possible b...