27 matches found
CVE-2026-41412
CVE-2026-41412 affects alf.io prior to 2.0-M5-2606. The extension sandbox injects a fully-functional HTTP client (simpleHttpClient) into every extension script’s scope, and the postFileAndSaveResponse() method accepts an arbitrary filesystem path using new FileInputStream(file) without path valid...
CVE-2026-35482 alf.io has an Authenticated RCE via Extension Script Sandbox Escape
alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, a sandbox escape vulnerability in the alf.io extension script engine allows an authenticated administrator to execute arbitrary operating system commands on the...
PT-2026-45881
Name of the Vulnerable Software and Affected Versions alf.io versions prior to 2.0-M5-2606 Description The extension sandbox injects a fully-functional HTTP client simpleHttpClient into every extension script's scope. The postFileAndSaveResponse method accepts an arbitrary filesystem path via the...
EUVD-2023-12374
Malicious code in bioql PyPI...
EUVD-2023-33764
Malicious code in bioql PyPI...
EUVD-2023-33765
Malicious code in bioql PyPI...
CVE-2023-2259
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304...
CVE-2023-2260
Authorization Bypass Through User-Controlled Key in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304...
CVE-2023-0301
Cross-site Scripting XSS - Stored in GitHub repository alfio-event/alf.io prior to Alf.io 2.0-M4-2301...
CVE-2023-0300
Cross-site Scripting XSS - Reflected in GitHub repository alfio-event/alf.io prior to 2.0-M4-2301...
CVE-2023-2258
Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304...
alf.io Security Vulnerabilities
alf.io is open source ticket reservation system. A security vulnerability exists in alf.io versions prior to 2.0-Mr-2402. An attacker can exploit the vulnerability to view user ID details, especially the API KEY in the username...
alf.io Code Issues Vulnerabilities
alf.io is open source ticket reservation system. A code issue vulnerability exists in versions prior to Alf.io 2.0-M4-2402 that stems from the presence of a cross-site scripting XSS vulnerability...
CVE-2023-2258
Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304...
PT-2023-18577 · Alf.Io · Alf.Io
Name of the Vulnerable Software and Affected Versions: alfio-event/alf.io versions prior to 2.0-M4-2304 Description: The issue concerns an improper authorization of an index containing sensitive information. This could potentially allow for an authorization bypass through a user-controlled key...
CVE-2023-2258 Improper Neutralization of Formula Elements in a CSV File in alfio-event/alf.io
Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304...
CVE-2023-2260 Authorization Bypass Through User-Controlled Key in alfio-event/alf.io
Authorization Bypass Through User-Controlled Key in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304...
CVE-2023-2260
CVE-2023-2260 affects alfio-event/alf.io prior to 2.0-M4-2304. The related documents describe an authorization bypass through a user-controlled key that risks exposing an index containing sensitive information. Impact is described as high for confidentiality, integrity, and availability, with CVS...
CVE-2023-2258 Improper Neutralization of Formula Elements in a CSV File in alfio-event/alf.io
Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304...
CVE-2023-2259 Improper Neutralization of Special Elements Used in a Template Engine in alfio-event/alf.io
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304...