5 matches found
CVE-2025-47781
creationtimestamp| type| source ---|---|--- 2025-05-14 16:33:49+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/16330 2025-05-14 16:38:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lp5gqad37u2t...
CVE-2025-47781
Rallly is an open-source scheduling and collaboration tool. Versions up to and including 3.22.1 of the application features token based authentication. When a user attempts to login to the application, they insert their email and a 6 digit code is sent to their email address to complete the...
CVE-2025-47781 Rallly Insufficient Password Login Token Entropy Leads to Account Takeover
Rallly is an open-source scheduling and collaboration tool. Versions up to and including 3.22.1 of the application features token based authentication. When a user attempts to login to the application, they insert their email and a 6 digit code is sent to their email address to complete the...
CVE-2025-47781 Rallly Insufficient Password Login Token Entropy Leads to Account Takeover
Rallly is an open-source scheduling and collaboration tool. Versions up to and including 3.22.1 of the application features token based authentication. When a user attempts to login to the application, they insert their email and a 6 digit code is sent to their email address to complete the...
CVE-2025-47781
CVE-2025-47781 targets Rallly, an open-source scheduling tool. A 6-digit login token with weak entropy and no brute-force protection lets an unauthenticated attacker, knowing a valid email, brute-force the token within 15 minutes, potentially taking over the user’s account. Affected versions: up ...