VYPR
Vendor

Venueless

Products
1
CVEs
3
Across products
3
Status
Private

Products

1

Recent CVEs

3
  • CVE-2026-5599HigApr 5, 2026
    risk 0.47cvss epss 0.00

    A user with API access and "manage users" permission in any venueless world is able to trigger deletion of user accounts in other worlds.

  • CVE-2026-12863Jun 22, 2026
    risk 0.00cvss epss 0.00

    An unvalidated redirect was contained in Venueless' social login functionality and could be exploited for phishing using trusted domains.

  • CVE-2026-4982Mar 27, 2026
    risk 0.00cvss epss 0.00

    A user with permission "update world" in any Venueless world is able to exfiltrate chat messages from direct messages or channels in other worlds on the same server due to a bug in the reporting feature. The exploitability is limited by the fact that the attacker needs to know…