Rallly

11 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
Exploit
  • EPSS 0.04%
  • Published 29.11.2025 00:43:02
  • Last modified 03.12.2025 20:25:53

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.6, an information disclosure vulnerability exposes participant details, including names and email addresses through the /api/trpc/polls.get,polls.participants.list endpo...

Exploit
  • EPSS 0.06%
  • Published 19.11.2025 17:26:59
  • Last modified 24.11.2025 18:02:45

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an improper authorization vulnerability allows any authenticated user to reopen finalized polls belonging to other users by manipulating the pollId parameter. This ca...

Exploit
  • EPSS 0.06%
  • Published 19.11.2025 17:26:44
  • Last modified 24.11.2025 18:02:25

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an authorization flaw in the poll management feature allows any authenticated user to pause or resume any poll, regardless of ownership. The system only uses the publ...

Exploit
  • EPSS 0.04%
  • Published 19.11.2025 17:26:09
  • Last modified 24.11.2025 19:33:13

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference (IDOR) vulnerability allows any authenticated user to change the display names of other participants in polls without being an adm...

Exploit
  • EPSS 0.04%
  • Published 19.11.2025 17:25:49
  • Last modified 25.11.2025 15:34:01

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an improper authorization flaw in the comment creation endpoint allows authenticated users to impersonate any other user by altering the authorName field in the API r...

Exploit
  • EPSS 0.06%
  • Published 19.11.2025 17:25:16
  • Last modified 25.11.2025 15:33:38

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an authorization flaw in the comment deletion API allows any authenticated user to delete comments belonging to other users, including poll owners and administrators....

Exploit
  • EPSS 0.06%
  • Published 19.11.2025 17:24:45
  • Last modified 25.11.2025 15:33:17

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an insecure direct object reference (IDOR) vulnerability allows any authenticated user to delete arbitrary participants from polls without ownership verification. The...

Exploit
  • EPSS 0.08%
  • Published 19.11.2025 17:24:31
  • Last modified 25.11.2025 15:32:53

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference (IDOR) vulnerability exists in the poll finalization feature of the application. Any authenticated user can finalize a poll they d...

Exploit
  • EPSS 0.05%
  • Published 19.11.2025 17:24:12
  • Last modified 25.11.2025 15:33:05

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference (IDOR) vulnerability in the poll duplication endpoint (/api/trpc/polls.duplicate) allows any authenticated user to duplicate polls...

Exploit
  • EPSS 0.03%
  • Published 19.11.2025 17:23:57
  • Last modified 25.11.2025 15:32:31

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an insecure direct object reference (IDOR) vulnerability allows any authenticated user to modify other participants’ votes in polls without authorization. The backend...