CVE-2025-65028

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an insecure direct object reference IDOR vulnerability allows any authenticated user to modify other participants’ votes in polls without authorization. The backend relies solely on the participantId parameter to...

CVE-2025-65028

CVE-2025-65028 affects Rallly prior to 4.5.4. The vulnerability is an insecure direct object reference (IDOR) in the vote-update endpoint where the backend relies solely on the participantId parameter to identify votes, without verifying ownership or poll permissions. This allows any authenticate...

Rallly 安全漏洞

Rallly is a scheduling and collaboration tool from Luke Vella Individual Developer designed to make it easier to organize events and meetings. A security vulnerability exists in versions of Rallly prior to 4.5.4 that stems from an insecure direct object reference in the vote modification feature,...

PT-2025-47505

Name of the Vulnerable Software and Affected Versions Rallly versions prior to 4.5.4 Description Rallly, an open-source scheduling and collaboration tool, contains a flaw where an authenticated user can change votes in polls belonging to other participants without proper authorization. The backen...

Virginia Voting Machines Exposed to Low-Level, Election Altering Hacks Since 2004

The Virginia Information Technologies Agency VITA is calling on the board of elections in that commonwealth to immediately discontinue use of its electronic voting devices after an examination revealed the systems lack strong credentials and encryption and are utterly vulnerable to vote...