CVE-2026-12863

An unvalidated redirect was contained in Venueless' social login functionality and could be exploited for phishing using trusted domains...

CVE-2026-12863

Venueless ’ social login contains an unvalidated redirect that could be exploited for phishing via trusted domains. Public records (NVD, CVE records) describe an unvalidated redirect in the social login flow, enabling attackers to lure users to attacker-controlled sites by leveraging trusted doma...

EUVD-2026-38221

An unvalidated redirect was contained in Venueless' social login functionality and could be exploited for phishing using trusted domains...

CVE-2026-5599

A user with API access and "manage users" permission in any venueless world is able to trigger deletion of user accounts in other worlds...

EUVD-2026-19085

A user with API access and "manage users" permission in any venueless world is able to trigger deletion of user accounts in other worlds...

CVE-2026-5599 API allows deletion of users of other instance

A user with API access and "manage users" permission in any venueless world is able to trigger deletion of user accounts in other worlds...

CVE-2026-5599

CVE-2026-5599 affects the venueless platform: a user with API access and the "manage users" permission can trigger deletion of user accounts in other worlds. This cross-world impact can compromise account availability and integrity. The CVSS 4.0 base score is 7.3 (HIGH); attack vector is NETWORK ...

PT-2026-30436

A user with API access and "manage users" permission in any venueless world is able to trigger deletion of user accounts in other worlds...

venueless 安全漏洞

Venueless is an open-source online activity platform developed by Venueless. There are security vulnerabilities in Venueless, stemming from improper permission management. These vulnerabilities could allow users with API access and the “Manage Users” permission to delete user accounts from other...