Vulnerabilities in lukevella
12 results

CVE-2025-47781 | CRITICAL | Rallly Insufficient Password Login Token Entropy Leads to Account Takeover | EPSS 0.5%
CVE-2025-65021 | CRITICAL | Rallly Has Unauthorized Poll Finalization via Insecure Direct Object Reference (IDOR) | EPSS 0.3%
CVE-2025-66027 | HIGH | Rallly Information Disclosure Vulnerability in Participant API Leaks Names and Emails Despite Pro Privacy Settings | EPSS 0.3%
CVE-2025-65033 | HIGH | Rallly Broken Authorization: Any User Can Pause or Resume Any Poll via Poll ID Manipulation | EPSS 0.3%
CVE-2025-65034 | HIGH | Rallly Improper Authorization Allows Reopening of Any Finalized Poll via Public pollId | EPSS 0.3%
CVE-2025-65029 | HIGH | Rallly Has an IDOR Vulnerability in Participant Deletion Endpoint Allows Unauthorized Removal of Poll Participants | EPSS 0.3%
CVE-2026-6493 | MEDIUM | lukevella rallly Reset Password reset-password-form.tsx cross site scripting | EPSS 0.3%
CVE-2025-65030 | HIGH | Rallly Improper Authorization in Comment Deletion Endpoint Allows Unauthorized Comment Removal | EPSS 0.3%
CVE-2025-65028 | MEDIUM | Rallly Has an IDOR Vulnerability in Vote Update Endpoint Allows Unauthorized Manipulation of Participant Votes | EPSS 0.2%
CVE-2025-65032 | MEDIUM | Rallly Has an IDOR Vulnerability in Participant Rename Function Allows Unauthorized Modification of Other Users’ Names | EPSS 0.2%
CVE-2025-65031 | MEDIUM | Rallly Improper Authorization in Comment Endpoint Allows User Impersonation | EPSS 0.2%
CVE-2025-65020 | MEDIUM | Rallly Has Unauthorized Poll Duplication via Insecure Direct Object Reference (IDOR) | EPSS 0.2%