
8 matches found

NVD
added 2025/11/29 1:16 a.m., 6 views

CVE-2025-66027

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.6, an information disclosure vulnerability exposes participant details, including names and email addresses, through the /api/trpc/polls.get,polls.participants.list endpoint, even when Pro privacy features are enabled...

CVSS 7.1, EPSS 0.00307
Exploits: 1, References: 3
RedhatCVE
added 2025/11/20 9:36 p.m., 7 views

CVE-2025-65034

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an improper authorization vulnerability allows any authenticated user to reopen finalized polls belonging to other users by manipulating the pollId parameter. This can disrupt events managed by other users and...

CVSS 8.1, AI score 6.7, EPSS 0.00289
Exploits: 1, References: 1
NVD
added 2025/11/19 6:15 p.m., 4 views

CVE-2025-65021

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference (IDOR) vulnerability exists in the poll finalization feature of the application. Any authenticated user can finalize a poll they do not own by manipulating the pollId parameter in...

CVSS 9.1, EPSS 0.00335
Exploits: 1, References: 2
EUVD
added 2025/11/19 5:26 p.m., 8 views

EUVD-2025-198234

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference (IDOR) vulnerability allows any authenticated user to change the display names of other participants in polls without being an admin or the poll owner. By manipulating the...

CVSS 6.5, AI score 6.2, EPSS 0.00224
Exploits: 1, References: 2
CVE
added 2025/11/19 5:26 p.m., 19 views

CVE-2025-65032

Rallly is affected by an Insecure Direct Object Reference (IDOR) vulnerability in the Participant Display Name Modification feature. Prior to version 4.5.4, any authenticated user could change another participant’s display name by manipulating the participantId parameter in a rename request, comp...

CVSS 6.5, AI score 6.4, EPSS 0.00224
Exploits: 1, References: 2, Affected Software: 1
EUVD
added 2025/11/19 5:24 p.m., 4 views

EUVD-2025-198223

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference (IDOR) vulnerability exists in the poll finalization feature of the application. Any authenticated user can finalize a poll they do not own by manipulating the pollId parameter in...

CVSS 9.1, AI score 6.2, EPSS 0.00335
Exploits: 1, References: 2
CNNVD
added 2025/11/19 12:0 a.m., 6 views

Rallly security vulnerability

Rallly is a scheduling and collaboration tool from individual developer Luke Vella, designed to make it easier to organize events and meetings. A security vulnerability exists in Rallly versions prior to 4.5.4, which stems from an authorization flaw in the comment deletion feature that could lead ...

CVSS 7.1, AI score 6.5, EPSS 0.0025
Exploits: 1, References: 2
Positive Technologies
added 2025/11/19 12:0 a.m., 7 views

PT-2025-47508

Name of the Vulnerable Software and Affected Versions: Rallly versions prior to 4.5.4. Description: Rallly, an open-source scheduling and collaboration tool, contains a flaw in authorization related to comment creation. An authenticated user can impersonate any other user by modifying the authorName...

CVSS 6.5, AI score 6.5, EPSS 0.00221
Exploits: 1, References: 5