
lukevella — Vulnerabilities & Security Advisories (12)

Browse all 12 CVE security advisories affecting lukevella. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by lukevella: rallly
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-6493 | lukevella rallly Reset Password reset-password-form.tsx cross site scripting | rallly | CWE-79 | 3.5 | Low | 2026-04-17 |
| CVE-2025-66027 | Rallly Information Disclosure Vulnerability in Participant API Leaks Names and Emails Despite Pro Privacy Settings | rallly | CWE-200 | 4.3 | - | 2025-11-29 |
| CVE-2025-65034 | Rallly Improper Authorization Allows Reopening of Any Finalized Poll via Public pollId | rallly | CWE-639 | 8.1 | High | 2025-11-19 |
| CVE-2025-65033 | Rallly Broken Authorization: Any User Can Pause or Resume Any Poll via Poll ID Manipulation | rallly | CWE-285 | 8.1 | High | 2025-11-19 |
| CVE-2025-65032 | Rallly Has an IDOR Vulnerability in Participant Rename Function Allows Unauthorized Modification of Other Users’ Names | rallly | CWE-639 | 6.5 | Medium | 2025-11-19 |
| CVE-2025-65031 | Rallly Improper Authorization in Comment Endpoint Allows User Impersonation | rallly | CWE-285 | 6.5 | Medium | 2025-11-19 |
| CVE-2025-65030 | Rallly Improper Authorization in Comment Deletion Endpoint Allows Unauthorized Comment Removal | rallly | CWE-285 | 7.1 | High | 2025-11-19 |
| CVE-2025-65029 | Rallly Has an IDOR Vulnerability in Participant Deletion Endpoint Allows Unauthorized Removal of Poll Participants | rallly | CWE-285 | 8.1 | High | 2025-11-19 |
| CVE-2025-65021 | Rallly Has Unauthorized Poll Finalization via Insecure Direct Object Reference (IDOR) | rallly | CWE-285 | 9.1 | Critical | 2025-11-19 |
| CVE-2025-65020 | Rallly Has Unauthorized Poll Duplication via Insecure Direct Object Reference (IDOR) | rallly | CWE-285 | 6.5 | Medium | 2025-11-19 |
| CVE-2025-65028 | Rallly Has an IDOR Vulnerability in Vote Update Endpoint Allows Unauthorized Manipulation of Participant Votes | rallly | CWE-285 | 6.5 | Medium | 2025-11-19 |
| CVE-2025-47781 | Rallly Insufficient Password Login Token Entropy Leads to Account Takeover | rallly | CWE-331 | 9.8 | Critical | 2025-05-14 |

This page lists every published CVE security advisory associated with lukevella. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.