12 matches found
CVE-2026-35587
Glances is an open-source, cross-platform system monitoring tool. Prior to version 4.5.4, a Server-Side Request Forgery (SSRF) vulnerability exists in the Glances IP plugin due to improper validation of the publicapi configuration parameter. The value of publicapi is used directly in outbound HTTP...
CVE-2025-65031
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an improper authorization flaw in the comment creation endpoint allows authenticated users to impersonate any other user by altering the authorName field in the API request. This enables attackers to post comments...
CVE-2025-65029
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an insecure direct object reference (IDOR) vulnerability allows any authenticated user to delete arbitrary participants from polls without ownership verification. The endpoint relies solely on a participant ID to...
CVE-2025-65030
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an authorization flaw in the comment deletion API allows any authenticated user to delete comments belonging to other users, including poll owners and administrators. The endpoint relies solely on the comment ID f...
CVE-2025-65034
CVE-2025-65034 affects Rallly prior to version 4.5.4. The vulnerability is an improper authorization that allows any authenticated user to reopen finalized polls owned by other users by manipulating the pollId parameter, potentially disrupting events and compromising availability and integrity of...
CVE-2025-65033
Rallly prior to 4.5.4 contains an authorization flaw in the poll management feature: polls are identified only by pollId, and ownership is not verified. This allows any authenticated user to pause or resume any poll, compromising integrity and availability. The issue has been patched in version 4...
EUVD-2025-198236
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an improper authorization flaw in the comment creation endpoint allows authenticated users to impersonate any other user by altering the authorName field in the API request. This enables attackers to post comments...
CVE-2025-65021 Rallly Has Unauthorized Poll Finalization via Insecure Direct Object Reference (IDOR)
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference (IDOR) vulnerability exists in the poll finalization feature of the application. Any authenticated user can finalize a poll they do not own by manipulating the pollId parameter in...
EUVD-2025-198225
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an insecure direct object reference (IDOR) vulnerability allows any authenticated user to modify other participants’ votes in polls without authorization. The backend relies solely on the participantId parameter to...
PT-2025-47502
Name of the Vulnerable Software and Affected Versions: Rallly versions prior to 4.5.4. Description: An Insecure Direct Object Reference (IDOR) issue exists in the poll finalization feature of Rallly. An authenticated user can finalize a poll they do not own by manipulating the pollId parameter in the...
EUVD-2025-12614
Malicious code in bioql PyPI...
CVE-2025-46348
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the request to commence a site backup can be performed and downloaded without authentication. The archives are created with a predictable filename, so a malicious user could create and download an archive without being authenticated...