Lukevella Rallly
12 CVEs affecting Lukevella Rallly. Latest disclosed: 2026-04-17. Critical: 2, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-47781 | Critical | 9.8 | 2025-05-14 | Rallly is an open-source scheduling and collaboration tool. Versions up to and including 3.22.1 of the application features token based authentication. When a… |
| CVE-2025-65021 | Critical | 9.1 | 2025-11-19 | Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference (IDOR) vulnerability exists in the poll… |
| CVE-2025-65034 | High | 8.1 | 2025-11-19 | Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an improper authorization vulnerability allows any authenticated user to re… |
| CVE-2025-65033 | High | 8.1 | 2025-11-19 | Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an authorization flaw in the poll management feature allows any authenticat… |
| CVE-2025-65029 | High | 8.1 | 2025-11-19 | Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an insecure direct object reference (IDOR) vulnerability allows any authent… |
| CVE-2025-65030 | High | 7.1 | 2025-11-19 | Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an authorization flaw in the comment deletion API allows any authenticated… |
| CVE-2025-65032 | Medium | 6.5 | 2025-11-19 | Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference (IDOR) vulnerability allows any authent… |
| CVE-2025-65031 | Medium | 6.5 | 2025-11-19 | Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an improper authorization flaw in the comment creation endpoint allows auth… |
| CVE-2025-65020 | Medium | 6.5 | 2025-11-19 | Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference (IDOR) vulnerability in the poll duplic… |
| CVE-2025-65028 | Medium | 6.5 | 2025-11-19 | Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an insecure direct object reference (IDOR) vulnerability allows any authent… |
| CVE-2026-6493 | Low | 3.5 | 2026-04-17 | A flaw has been found in lukevella rallly up to 4.7.4. This affects an unknown function of the file apps/web/src/app/[locale]/(auth)/reset-password/components/… |
| CVE-2025-66027 | | | 2025-11-29 | Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.6, an information disclosure vulnerability exposes participant details, includ… |