Lucene search
K

4 matches found

Nuclei
Nuclei
added 7 hours ago6 views

YesWiki Reflected XSS via File Upload

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to reflected XSS in the file upload form. This vulnerability allows any malicious unauthenticated user to create a link that can be clicked on by the victim to perform arbitrary actions. This issue has been...

7.6CVSS6AI score0.00582EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-55417

Chevereto is a self-hosted media-sharing platform. Starting in version 3.7.5 and prior to version 4.5.4, when a user enables the private profile option, visiting their profile HTML route /username correctly returns 404. However, the /json AJAX listing endpoint does not apply the same check. An...

6.9CVSS6AI score
Exploits0References3Affected Software3
Vulnrichment
Vulnrichment
added 2025/11/19 5:24 p.m.3 views

CVE-2025-65020 Rallly Has Unauthorized Poll Duplication via Insecure Direct Object Reference (IDOR)

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference IDOR vulnerability in the poll duplication endpoint /api/trpc/polls.duplicate allows any authenticated user to duplicate polls they do not own by modifying the pollId parameter...

6.5CVSS6.3AI score0.00213EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/11/19 12:0 a.m.7 views

PT-2025-47507

Name of the Vulnerable Software and Affected Versions Rallly versions prior to 4.5.4 Description An authorization flaw exists in the comment deletion functionality of Rallly, an open-source scheduling and collaboration tool. Authenticated users can delete comments belonging to other users,...

7.1CVSS6.5AI score0.0025EPSS
Exploits1References6
Rows per page
Query Builder