Lucene search
K

3862 matches found

Positive Technologies
Positive Technologies
added 2025/11/30 12:0 a.m.7 views

PT-2025-48385

Name of the Vulnerable Software and Affected Versions taosir WTCMS versions up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665 Description A security flaw exists in taosir WTCMS. The issue affects the check/uncheck/delete function within the...

9.8CVSS6.3AI score0.00276EPSS
Exploits0References11
CNNVD
CNNVD
added 2025/11/30 12:0 a.m.5 views

wtcms SQL注入漏洞

wtcms is a ThinkPHP-based content management system CMS by Taosir Individual Developer. An SQL injection vulnerability exists in wtcms, which stems from incorrect manipulation of the parameter ids in the file application/Comment/Controller/CommentadminController.class.php, which could lead to SQL...

9.8CVSS7AI score0.00276EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/11/20 9:37 p.m.8 views

CVE-2025-65031

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an improper authorization flaw in the comment creation endpoint allows authenticated users to impersonate any other user by altering the authorName field in the API request. This enables attackers to post comments...

6.5CVSS6.8AI score0.00221EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/11/20 9:36 p.m.4 views

CVE-2025-65030

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an authorization flaw in the comment deletion API allows any authenticated user to delete comments belonging to other users, including poll owners and administrators. The endpoint relies solely on the comment ID f...

7.1CVSS6.7AI score0.0025EPSS
Exploits1References1
NVD
NVD
added 2025/11/19 6:15 p.m.4 views

CVE-2025-65031

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an improper authorization flaw in the comment creation endpoint allows authenticated users to impersonate any other user by altering the authorName field in the API request. This enables attackers to post comments...

6.5CVSS0.00221EPSS
Exploits1References2
NVD
NVD
added 2025/11/19 6:15 p.m.4 views

CVE-2025-65030

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an authorization flaw in the comment deletion API allows any authenticated user to delete comments belonging to other users, including poll owners and administrators. The endpoint relies solely on the comment ID f...

7.1CVSS0.0025EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/11/19 5:25 p.m.3 views

CVE-2025-65031 Rallly Improper Authorization in Comment Endpoint Allows User Impersonation

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an improper authorization flaw in the comment creation endpoint allows authenticated users to impersonate any other user by altering the authorName field in the API request. This enables attackers to post comments...

6.5CVSS6.4AI score0.00221EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/11/19 5:25 p.m.9 views

CVE-2025-65031 Rallly Improper Authorization in Comment Endpoint Allows User Impersonation

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an improper authorization flaw in the comment creation endpoint allows authenticated users to impersonate any other user by altering the authorName field in the API request. This enables attackers to post comments...

6.5CVSS0.00221EPSS
Exploits1References2
EUVD
EUVD
added 2025/11/19 5:25 p.m.3 views

EUVD-2025-198236

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an improper authorization flaw in the comment creation endpoint allows authenticated users to impersonate any other user by altering the authorName field in the API request. This enables attackers to post comments...

6.5CVSS6.3AI score0.00221EPSS
Exploits1References2
CVE
CVE
added 2025/11/19 5:25 p.m.12 views

CVE-2025-65031

CVE-2025-65031 affects Rallly versions prior to 4.5.4. A flaw in the comment creation endpoint allows an authenticated user to impersonate arbitrary users by altering the authorName field in the API request, potentially attributing comments to administrators or other privileged accounts and enabl...

6.5CVSS6.4AI score0.00221EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/11/19 5:25 p.m.7 views

CVE-2025-65031 Rallly Improper Authorization in Comment Endpoint Allows User Impersonation

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an improper authorization flaw in the comment creation endpoint allows authenticated users to impersonate any other user by altering the authorName field in the API request. This enables attackers to post comments...

6.5CVSS6.7AI score0.00221EPSS
Exploits1References4
CVE
CVE
added 2025/11/19 5:25 p.m.13 views

CVE-2025-65030

Rallly (open-source scheduling/collaboration tool) is affected in all versions prior to 4.5.4 by an authorization flaw in the comment deletion API that allows any authenticated user to delete comments belonging to other users (including poll owners and admins). The deletion endpoint appears to va...

7.1CVSS6.3AI score0.0025EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2025/11/19 5:25 p.m.3 views

EUVD-2025-198235

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an authorization flaw in the comment deletion API allows any authenticated user to delete comments belonging to other users, including poll owners and administrators. The endpoint relies solely on the comment ID f...

7.1CVSS6.2AI score0.0025EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/11/19 5:25 p.m.9 views

CVE-2025-65030 Rallly Improper Authorization in Comment Deletion Endpoint Allows Unauthorized Comment Removal

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an authorization flaw in the comment deletion API allows any authenticated user to delete comments belonging to other users, including poll owners and administrators. The endpoint relies solely on the comment ID f...

7.1CVSS0.0025EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/11/19 5:25 p.m.2 views

CVE-2025-65030 Rallly Improper Authorization in Comment Deletion Endpoint Allows Unauthorized Comment Removal

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an authorization flaw in the comment deletion API allows any authenticated user to delete comments belonging to other users, including poll owners and administrators. The endpoint relies solely on the comment ID f...

7.1CVSS6.3AI score0.0025EPSS
Exploits1References2
OSV
OSV
added 2025/11/19 5:25 p.m.4 views

CVE-2025-65030 Rallly Improper Authorization in Comment Deletion Endpoint Allows Unauthorized Comment Removal

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an authorization flaw in the comment deletion API allows any authenticated user to delete comments belonging to other users, including poll owners and administrators. The endpoint relies solely on the comment ID f...

7.1CVSS6.6AI score0.0025EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/11/19 12:10 a.m.12 views

CVE-2025-63693

The comment editing template dzz/comment/template/editform.htm in DzzOffice 2.3.x lacks adequate security escaping for user-controllable data in multiple contexts, including HTML and JavaScript strings. This allows low-privilege attackers to construct comment content or request parameters and...

5.4CVSS7.4AI score0.00151EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/11/19 12:0 a.m.3 views

Rallly 安全漏洞

Rallly is a scheduling and collaboration tool from Luke Vella Individual Developer designed to make it easier to organize events and meetings. A security vulnerability exists in Rallly versions prior to 4.5.4 that stems from an authorization flaw in the comment creation feature that could lead to...

6.5CVSS6.5AI score0.00221EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/11/19 12:0 a.m.5 views

Rallly 安全漏洞

Rallly is a scheduling and collaboration tool from Luke Vella Individual Developer designed to make it easier to organize events and meetings. A security vulnerability exists in Rallly versions prior to 4.5.4, which stems from an authorization flaw in the comment deletion feature that could lead ...

7.1CVSS6.5AI score0.0025EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/11/19 12:0 a.m.7 views

PT-2025-47508

Name of the Vulnerable Software and Affected Versions Rallly versions prior to 4.5.4 Description Rallly, an open-source scheduling and collaboration tool, contains a flaw in authorization related to comment creation. An authenticated user can impersonate any other user by modifying the authorName...

6.5CVSS6.5AI score0.00221EPSS
Exploits1References5
Rows per page
Query Builder