Vendor
Venueless
Products
1
CVEs
3
Across products
3
Status
Private
Products
1- 3 CVEs
Recent CVEs
3| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-5599 | Hig | 0.47 | — | 0.00 | Apr 5, 2026 | A user with API access and "manage users" permission in any venueless world is able to trigger deletion of user accounts in other worlds. | ||
| CVE-2026-12863 | 0.00 | — | 0.00 | Jun 22, 2026 | An unvalidated redirect was contained in Venueless' social login functionality and could be exploited for phishing using trusted domains. | |||
| CVE-2026-4982 | 0.00 | — | 0.00 | Mar 27, 2026 | A user with permission "update world" in any Venueless world is able to exfiltrate chat messages from direct messages or channels in other worlds on the same server due to a bug in the reporting feature. The exploitability is limited by the fact that the attacker needs to know… |
- risk 0.47cvss —epss 0.00
A user with API access and "manage users" permission in any venueless world is able to trigger deletion of user accounts in other worlds.
- CVE-2026-12863Jun 22, 2026risk 0.00cvss —epss 0.00
An unvalidated redirect was contained in Venueless' social login functionality and could be exploited for phishing using trusted domains.
- CVE-2026-4982Mar 27, 2026risk 0.00cvss —epss 0.00
A user with permission "update world" in any Venueless world is able to exfiltrate chat messages from direct messages or channels in other worlds on the same server due to a bug in the reporting feature. The exploitability is limited by the fact that the attacker needs to know…