8 matches found
CVE-2025-66027
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.6, an information disclosure vulnerability exposes participant details, including names and email addresses, through the /api/trpc/polls.get,polls.participants.list endpoint, even when Pro privacy features are enabled...
CVE-2025-65034
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an improper authorization vulnerability allows any authenticated user to reopen finalized polls belonging to other users by manipulating the pollId parameter. This can disrupt events managed by other users and...
CVE-2025-65021
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference (IDOR) vulnerability exists in the poll finalization feature of the application. Any authenticated user can finalize a poll they do not own by manipulating the pollId parameter in...
EUVD-2025-198234
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference (IDOR) vulnerability allows any authenticated user to change the display names of other participants in polls without being an admin or the poll owner. By manipulating the...
CVE-2025-65032
Rallly is affected by an Insecure Direct Object Reference (IDOR) vulnerability in the Participant Display Name Modification feature. Prior to version 4.5.4, any authenticated user could change another participant’s display name by manipulating the participantId parameter in a rename request, comp...
EUVD-2025-198223
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference (IDOR) vulnerability exists in the poll finalization feature of the application. Any authenticated user can finalize a poll they do not own by manipulating the pollId parameter in...
Rallly security vulnerability
Rallly is a scheduling and collaboration tool from individual developer Luke Vella, designed to make it easier to organize events and meetings. A security vulnerability exists in Rallly versions prior to 4.5.4, which stems from an authorization flaw in the comment deletion feature that could lead ...
PT-2025-47508
Name of the Vulnerable Software and Affected Versions: Rallly versions prior to 4.5.4. Description: Rallly, an open-source scheduling and collaboration tool, contains a flaw in authorization related to comment creation. An authenticated user can impersonate any other user by modifying the authorName...