CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

74 matches found

CVE•added 2026/04/17 2:15 p.m.•3 views

CVE-2026-6493

A vulnerability in lukevella rallly

5.1CVSS3.9AI score0.00013EPSS

Exploits0References7

Vulnrichment•added 2026/04/17 2:15 p.m.•2 views

CVE-2026-6493 lukevella rallly Reset Password reset-password-form.tsx cross site scripting

A flaw has been found in lukevella rallly up to 4.7.4. This affects an unknown function of the file apps/web/src/app/locale/auth/reset-password/components/reset-password-form.tsx of the component Reset Password Handler. Executing a manipulation of the argument redirectTo can lead to cross site...

5.1CVSS3.9AI score0.00013EPSS

Exploits0References7

Cvelist•added 2026/04/17 2:15 p.m.•28 views

CVE-2026-6493 lukevella rallly Reset Password reset-password-form.tsx cross site scripting

5.1CVSS0.00013EPSS

Exploits0References7

ATTACKERKB•added 2026/04/17 2:15 p.m.•1 views

CVE-2026-6493

5.1CVSS3.9AI score0.00013EPSS

Exploits0References7Affected Software1

CNNVD•added 2026/04/17 12:0 a.m.•3 views

Rallly 安全漏洞

Rallly is a scheduling and collaboration tool developed by Luke Vella. It aims to make organizing events and meetings easier. Rallly versions 4.7.4 and earlier have a security vulnerability that stems from the parameter redirectTo in the file...

5.1CVSS5.6AI score0.00013EPSS

Exploits0References2

RedhatCVE•added 2025/12/04 6:17 p.m.•3 views

CVE-2025-66027

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.6, an information disclosure vulnerability exposes participant details, including names and email addresses through the /api/trpc/polls.get,polls.participants.list endpoint, even when Pro privacy features are enabled...

7.1CVSS6.3AI score0.00041EPSS

Exploits1References1

NVD•added 2025/11/29 1:16 a.m.•2 views

CVE-2025-66027

7.1CVSS0.00041EPSS

Exploits1References3

CVE•added 2025/11/29 12:43 a.m.•10 views

CVE-2025-66027

CVE-2025-66027 describes an information disclosure in Rallly prior to 4.5.6. The vulnerability allows disclosure of participant details (names and email addresses) through the endpoints /api/trpc/polls.get and polls.participants.list, even when Pro privacy features are enabled. The root cause is ...

7.1CVSS6AI score0.00041EPSS

Exploits1References3Affected Software1

OSV•added 2025/11/29 12:43 a.m.•4 views

CVE-2025-66027 Rallly Information Disclosure Vulnerability in Participant API Leaks Names and Emails Despite Pro Privacy Settings

7.1CVSS6.2AI score0.00041EPSS

Exploits1References5

Vulnrichment•added 2025/11/29 12:43 a.m.•2 views

CVE-2025-66027 Rallly Information Disclosure Vulnerability in Participant API Leaks Names and Emails Despite Pro Privacy Settings

7.1CVSS5.9AI score0.00041EPSS

Exploits1References3

Cvelist•added 2025/11/29 12:43 a.m.•5 views

CVE-2025-66027 Rallly Information Disclosure Vulnerability in Participant API Leaks Names and Emails Despite Pro Privacy Settings

7.1CVSS0.00041EPSS

Exploits1References3

CNNVD•added 2025/11/29 12:0 a.m.•1 views

Rallly 安全漏洞

Rallly is a scheduling and collaboration tool by Luke Vella Individual Developer designed to make it easier to organize events and meetings. A security vulnerability exists in Rallly versions prior to 4.5.6, which stems from the disclosure of /api/trpc/polls.get,polls.participants.list endpoint...

7.1CVSS6.3AI score0.00041EPSS

Exploits1References4

Positive Technologies•added 2025/11/29 12:0 a.m.•3 views

PT-2025-48352

Name of the Vulnerable Software and Affected Versions Rallly versions prior to 4.5.6 Description Rallly is a scheduling and collaboration tool. A flaw allows unauthorized disclosure of participant details, such as names and email addresses. This occurs through the...

7.1CVSS6.2AI score0.00041EPSS

Exploits1References10

RedhatCVE•added 2025/11/20 9:37 p.m.•3 views

CVE-2025-65028

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an insecure direct object reference IDOR vulnerability allows any authenticated user to modify other participants’ votes in polls without authorization. The backend relies solely on the participantId parameter to...

6.5CVSS6.7AI score0.00043EPSS

Exploits1References1

RedhatCVE•added 2025/11/20 9:36 p.m.•4 views

CVE-2025-65032

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference IDOR vulnerability allows any authenticated user to change the display names of other participants in polls without being an admin or the poll owner. By manipulating the...

6.5CVSS6.7AI score0.00041EPSS

Exploits1References1

RedhatCVE•added 2025/11/20 9:36 p.m.•1 views

CVE-2025-65021

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference IDOR vulnerability exists in the poll finalization feature of the application. Any authenticated user can finalize a poll they do not own by manipulating the pollId parameter in...

9.1CVSS6.7AI score0.00081EPSS

Exploits1References1

RedhatCVE•added 2025/11/20 9:36 p.m.•3 views

CVE-2025-65034

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an improper authorization vulnerability allows any authenticated user to reopen finalized polls belonging to other users by manipulating the pollId parameter. This can disrupt events managed by other users and...

8.1CVSS6.7AI score0.0006EPSS

Exploits1References1

NVD•added 2025/11/19 6:15 p.m.•8 views

CVE-2025-65033

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an authorization flaw in the poll management feature allows any authenticated user to pause or resume any poll, regardless of ownership. The system only uses the public pollId to identify polls, and it does not...

8.1CVSS0.0006EPSS

Exploits1References2

NVD•added 2025/11/19 6:15 p.m.•5 views

CVE-2025-65032

6.5CVSS0.00041EPSS

Exploits1References2

NVD•added 2025/11/19 6:15 p.m.•2 views

CVE-2025-65028

6.5CVSS0.00043EPSS

Exploits1References2

Rows per page