📦 Rallly
by Rallly
⚠️ Known Vulnerabilities
An Insecure Direct Object Reference (IDOR) vulnerability in Rallly allows any authenticated user to finalize polls they don't own by manipulating the pollId parameter. This enables unauthorized users ...
CVE-2025-47781 allows unauthenticated attackers to brute-force 6-digit authentication tokens in Rallly's email-based login system. With knowledge of a valid email address, attackers can take over any ...
This CVE describes an authorization flaw in Rallly's poll management feature where any authenticated user can pause or resume any poll by using only the public pollId, without ownership verification. ...
An improper authorization vulnerability in Rallly allows any authenticated user to reopen finalized polls belonging to other users by manipulating the pollId parameter. This compromises poll data inte...
This CVE describes an insecure direct object reference (IDOR) vulnerability in Rallly, an open-source scheduling tool. Any authenticated user can delete arbitrary participants from polls without owner...
An authorization flaw in Rallly's comment deletion API allows any authenticated user to delete comments belonging to other users, including poll owners and administrators. This vulnerability affects a...
This CVE describes an information disclosure vulnerability in Rallly, an open-source scheduling tool. It allows unauthorized access to participant names and email addresses through a specific API endp...
An insecure direct object reference (IDOR) vulnerability in Rallly allows authenticated users to modify other participants' votes in polls without authorization. This compromises poll data integrity b...
This vulnerability allows authenticated users of Rallly to impersonate any other user by manipulating the authorName field in comment creation API requests. Attackers can post comments under arbitrary...
An Insecure Direct Object Reference (IDOR) vulnerability in Rallly allows authenticated users to change other participants' display names in polls without proper authorization. This affects all Rallly...
An Insecure Direct Object Reference (IDOR) vulnerability in Rallly's poll duplication endpoint allows authenticated users to duplicate polls they don't own by manipulating the pollId parameter. This b...