CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9 matches found

NVD•added 2025/11/29 1:16 a.m.•2 views

CVE-2025-66027

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.6, an information disclosure vulnerability exposes participant details, including names and email addresses through the /api/trpc/polls.get,polls.participants.list endpoint, even when Pro privacy features are enabled...

7.1CVSS0.00041EPSS

Exploits1References3

CVE•added 2025/11/29 12:43 a.m.•11 views

CVE-2025-66027

CVE-2025-66027 describes an information disclosure in Rallly prior to 4.5.6. The vulnerability allows disclosure of participant details (names and email addresses) through the endpoints /api/trpc/polls.get and polls.participants.list, even when Pro privacy features are enabled. The root cause is ...

7.1CVSS6AI score0.00041EPSS

Exploits1References3Affected Software1

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2020-24712

Malware in sbrugna...

5.3CVSS5.4AI score0.00864EPSS

Exploits0References2

CNNVD•added 2024/08/02 12:0 a.m.•1 views

Mercodia Feripro 安全漏洞

Mercodia Feripro is a vacation management software from Mercodia USA. A security vulnerability exists in Mercodia Feripro 2.2.3 and earlier versions, which stems from an incorrect access control vulnerability in /admin/programm//export/statistics, which could allow a remote attacker to export an...

7.5CVSS6.7AI score0.00264EPSS

Exploits0References4

OSV•added 2020/11/18 7:15 p.m.•2 views

CVE-2020-3441

A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to view sensitive information from the meeting room lobby. This vulnerability is due to insufficient protection of sensitive participant information. An attacker could exploit...

5.3CVSS6.1AI score

Exploits0References1

Veracode•added 2020/09/03 5:0 a.m.•11 views

Information Disclosure

derhansen/sfeventmgt is vulnerable to information disclosure. Missing access checks in the backend module allows an authenticated user to export restricted participant data for events or send emails to event participants for events which the user does not have access to...

4.3CVSS3.7AI score0.00197EPSS

Exploits0References3Affected Software1

OSV•added 2020/09/02 6:3 p.m.•17 views

GHSA-G8RG-7RPR-CWR2 Information Disclosure in TYPO3 extension sf_event_mgt

A missing access check in the backend module allows an authenticated backend user to export participant data for events which the user does not have access to, resulting in Information Disclosure. Another missing access check in the backend module allows an authenticated backend user to send emai...

4.3CVSS4.3AI score0.00197EPSS

Exploits0References6

Github Security Blog•added 2020/09/02 6:3 p.m.•41 views

Information Disclosure in TYPO3 extension sf_event_mgt

4.3CVSS1.7AI score0.00197EPSS

Exploits0References7Affected Software1

Typo3•added 2020/09/02 12:0 a.m.•22 views

Multiple vulnerabilities in extension "Event management and registration" (sf_event_mgt)

A missing access check in the backend module allows an authenticated backend user to export participant data for events which the user does not have access to, resulting in Information Disclosure...

4CVSS3.9AI score0.00197EPSS

Exploits0Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by