Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

NVD
NVDadded 2025/11/19 6:15 p.m.3 views

CVE-2025-65031

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an improper authorization flaw in the comment creation endpoint allows authenticated users to impersonate any other user by altering the authorName field in the API request. This enables attackers to post comments...

6.5CVSS0.00038EPSS
Exploits1References2
Vulnrichment
Vulnrichmentadded 2025/11/19 5:26 p.m.3 views

CVE-2025-65034 Rallly Improper Authorization Allows Reopening of Any Finalized Poll via Public pollId

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an improper authorization vulnerability allows any authenticated user to reopen finalized polls belonging to other users by manipulating the pollId parameter. This can disrupt events managed by other users and...

8.1CVSS6.3AI score0.0006EPSS
Exploits1References2
OSV
OSVadded 2025/11/19 5:26 p.m.6 views

CVE-2025-65032 Rallly Has an IDOR Vulnerability in Participant Rename Function Allows Unauthorized Modification of Other Users’ Names

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference IDOR vulnerability allows any authenticated user to change the display names of other participants in polls without being an admin or the poll owner. By manipulating the...

6.5CVSS6.6AI score0.00041EPSS
Exploits1References4
CVE
CVEadded 2025/11/19 5:25 p.m.4 views

CVE-2025-65031

CVE-2025-65031 affects Rallly versions prior to 4.5.4. A flaw in the comment creation endpoint allows an authenticated user to impersonate arbitrary users by altering the authorName field in the API request, potentially attributing comments to administrators or other privileged accounts and enabl...

6.5CVSS6.4AI score0.00038EPSS
Exploits1References2Affected Software1
Cvelist
Cvelistadded 2025/11/19 5:24 p.m.6 views

CVE-2025-65029 Rallly Has an IDOR Vulnerability in Participant Deletion Endpoint Allows Unauthorized Removal of Poll Participants

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an insecure direct object reference IDOR vulnerability allows any authenticated user to delete arbitrary participants from polls without ownership verification. The endpoint relies solely on a participant ID to...

8.1CVSS0.00068EPSS
Exploits1References2
Cvelist
Cvelistadded 2025/11/19 5:23 p.m.6 views

CVE-2025-65028 Rallly Has an IDOR Vulnerability in Vote Update Endpoint Allows Unauthorized Manipulation of Participant Votes

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an insecure direct object reference IDOR vulnerability allows any authenticated user to modify other participants’ votes in polls without authorization. The backend relies solely on the participantId parameter to...

6.5CVSS0.00043EPSS
Exploits1References2
Rows per page
Query Builder