8 matches found

RedhatCVE
added 2025/05/23 10:49 a.m. · 14 views

CVE-2024-25627

Alf.io is a free and open source event attendance management system. An administrator on the alf.io application is able to upload HTML files that trigger JavaScript payloads. As such, an attacker gaining administrative access to the alf.io application may be able to persist access by planting an...

4.8 CVSS · 5.9 AI score · 0.0043 EPSS
Exploits: 1 · References: 1

RedhatCVE
added 2025/02/05 1:7 p.m. · 16 views

CVE-2024-25635

alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, organization owners can view the generated API KEY and USERS of other organization owners using the http://192.168.26.128:8080/admin/api/users/ endpoint, which exposes the details of the provided user ID. This may...

8.8 CVSS · 6.7 AI score · 0.00716 EPSS
Exploits: 1 · References: 1

RedhatCVE
added 2025/02/05 1:1 p.m. · 7 views

CVE-2024-25634

alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, an attacker can access data from other organizers. The attacker can use a specially crafted request to receive the e-mail log sent by other events. Version 2.0-M4-2402 fixes this issue...

7.2 CVSS · 6.7 AI score · 0.00748 EPSS
Exploits: 1 · References: 1

CNNVD
added 2024/09/06 12:0 a.m. · 2 views

alf.io Security Vulnerability

Alf.io is a free and open source event attendance management system from Alf.io Open Source. A security vulnerability exists in versions prior to alf.io 2.0-M5 that stems from preloaded json data that is not properly escaped, which could result in an administrator or event administrator inserting...

6.5 CVSS · 6.6 AI score · 0.00716 EPSS
Exploits: 1 · References: 3

CNNVD
added 2024/02/19 12:0 a.m. · 4 views

alf.io Security Vulnerabilities

alf.io is an open source ticket reservation system. A security vulnerability exists in versions prior to alf.io 2.0-Mr-2402. An attacker exploiting this vulnerability could use a specially crafted request to receive email logs sent by other events...

7.2 CVSS · 6.6 AI score · 0.00748 EPSS
Exploits: 1 · References: 2

OSV
added 2024/02/16 8:23 p.m. · 13 views

CVE-2024-25628 Insufficient Session Expiration in alf.io

Alf.io is a free and open source event attendance management system. In versions prior to 2.0-M4-2402 users can access the admin area even after being invalidated/deleted. This issue has been addressed in version 2.0-M4-2402. All users are advised to upgrade. There are no known workarounds for th...

7.6 CVSS · 7.4 AI score · 0.00379 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2023/04/24 12:0 a.m. · 3 views

PT-2023-18564 · Alf.Io · Alf.Io

Name of the Vulnerable Software and Affected Versions: alfio-event/alf.io versions prior to 2.0-M4-2304 Description: The issue is related to the improper neutralization of formula elements in a CSV file. This problem affects the GitHub repository alfio-event/alf.io. Recommendations: For versions...

8.8 CVSS · 8.5 AI score · 0.00913 EPSS
Exploits: 1 · References: 7

Positive Technologies
added 2023/04/24 12:0 a.m. · 3 views

PT-2023-18572 · Alf.Io · Alf.Io

Name of the Vulnerable Software and Affected Versions: alfio-event/alf.io versions prior to 2.0-M4-2304 Description: The issue is related to the improper neutralization of special elements used in a template engine. This problem affects the GitHub repository alfio-event/alf.io. Recommendations: F...

9.1 CVSS · 7.9 AI score · 0.01089 EPSS
Exploits: 1 · References: 7