Lucene search

6 matches found

Vulnrichment
added 2026/06/02 10:51 p.m., 5 views

CVE-2026-41412 alf.io vulnerable to Arbitrary File Read and Exfil via simpleHttpClient Extension Script

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, the alf.io extension sandbox injects a fully-functional HTTP client simpleHttpClient into every extension script's scope. The postFileAndSaveResponse method accep...

CVSS 4.9, AI score 5.9, EPSS 0.00065
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 2:54 a.m., 2 views

CVE-2023-0301

Cross-site Scripting (XSS) - Stored in GitHub repository alfio-event/alf.io prior to Alf.io 2.0-M4-2301...

CVSS 5.4, AI score 5.9, EPSS 0.00276
Exploits: 1, References: 1
Positive Technologies
added 2024/02/16 12:0 a.m., 3 views

PT-2024-21047 · Alf.Io · Alf.Io

Name of the Vulnerable Software and Affected Versions: Alf.io versions prior to 2.0-M4-2402

Description: The issue allows an administrator on the Alf.io application to upload HTML files that trigger JavaScript payloads. This could enable an attacker who gains administrative access to persist acce...

CVSS 4.8, AI score 6.2, EPSS 0.00564
Exploits: 1, References: 5
CNNVD
added 2023/04/24 12:0 a.m., 5 views

alf.io security vulnerability

alf.io is an open source ticket reservation system. A security vulnerability exists in alfio-event alf.io versions prior to 2.0-M4-2304, which stems from alf.io not being properly authorized and containing an index of sensitive information...

CVSS 8.8, AI score 7.9, EPSS 0.00294
Exploits: 1, References: 4
CNNVD
added 2023/01/14 12:0 a.m., 0 views

alf.io cross-site scripting vulnerability

alf.io is an open source ticket reservation system. A cross-site scripting vulnerability exists in versions prior to alf.io 2.0-M4-2301, which stems from the fact that its Groups allow attackers to utilize reflective cross-site scripting to achieve HTML injection...

CVSS 5.4, AI score 4.7, EPSS 0.00276
Exploits: 1, References: 3
CNNVD
added 2023/01/14 12:0 a.m., 2 views

alf.io cross-site scripting vulnerability

alf.io is an open source ticket reservation system. A cross-site scripting vulnerability exists in versions prior to alf.io 2.0-M4-2301 that stems from the presence of cross-site scripting XSS...

CVSS 5.4, AI score 4.7, EPSS 0.00276
Exploits: 1, References: 3