VYPR

Venueless

by Venueless

Source repositories

CVEs (3)

  • CVE-2026-5599HigApr 5, 2026
    risk 0.47cvss epss 0.00

    A user with API access and "manage users" permission in any venueless world is able to trigger deletion of user accounts in other worlds.

  • CVE-2026-12863Jun 22, 2026
    risk 0.00cvss epss 0.00

    An unvalidated redirect was contained in Venueless' social login functionality and could be exploited for phishing using trusted domains.

  • CVE-2026-4982Mar 27, 2026
    risk 0.00cvss epss 0.00

    A user with permission "update world" in any Venueless world is able to exfiltrate chat messages from direct messages or channels in other worlds on the same server due to a bug in the reporting feature. The exploitability is limited by the fact that the attacker needs to know…