27 matches found
CVE-2026-41412
CVE-2026-41412 affects alf.io prior to 2.0-M5-2606. The extension sandbox injects a fully-functional HTTP client (simpleHttpClient) into every extension script’s scope, and the postFileAndSaveResponse() method accepts an arbitrary filesystem path using new FileInputStream(file) without path valid...
CVE-2026-35482 alf.io has an Authenticated RCE via Extension Script Sandbox Escape
alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, a sandbox escape vulnerability in the alf.io extension script engine allows an authenticated administrator to execute arbitrary operating system commands on the...
PT-2026-45881
Name of the Vulnerable Software and Affected Versions: alf.io versions prior to 2.0-M5-2606 Description: The extension sandbox injects a fully-functional HTTP client simpleHttpClient into every extension script's scope. The postFileAndSaveResponse method accepts an arbitrary filesystem path via the...
EUVD-2023-12374
Malicious code in bioql PyPI...
EUVD-2023-33764
Malicious code in bioql PyPI...
EUVD-2023-33765
Malicious code in bioql PyPI...
CVE-2023-2259
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304...
CVE-2023-2260
Authorization Bypass Through User-Controlled Key in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304...
CVE-2023-0301
Cross-site Scripting (XSS) - Stored in GitHub repository alfio-event/alf.io prior to Alf.io 2.0-M4-2301...
CVE-2023-0300
Cross-site Scripting (XSS) - Reflected in GitHub repository alfio-event/alf.io prior to 2.0-M4-2301...
CVE-2023-2258
Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304...
alf.io Security Vulnerabilities
alf.io is an open source ticket reservation system. A security vulnerability exists in alf.io versions prior to 2.0-Mr-2402. An attacker can exploit the vulnerability to view user ID details, especially the API KEY in the username...
alf.io Code Issues Vulnerabilities
alf.io is an open source ticket reservation system. A code issue vulnerability exists in versions prior to Alf.io 2.0-M4-2402 that stems from the presence of a cross-site scripting (XSS) vulnerability...
CVE-2023-2260 Authorization Bypass Through User-Controlled Key in alfio-event/alf.io
Authorization Bypass Through User-Controlled Key in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304...
CVE-2023-2260
CVE-2023-2260 affects alfio-event/alf.io prior to 2.0-M4-2304. The related documents describe an authorization bypass through a user-controlled key that risks exposing an index containing sensitive information. Impact is described as high for confidentiality, integrity, and availability, with CVS...
alf.io Code Injection Vulnerability
alf.io is an open source ticket reservation system. A security vulnerability exists in versions prior to alf.io 2.0-M4-2304, which stems from improper neutralization of special elements used in a template engine...
PT-2023-18577 · Alf.Io · Alf.Io
Name of the Vulnerable Software and Affected Versions: alfio-event/alf.io versions prior to 2.0-M4-2304 Description: The issue concerns an improper authorization of an index containing sensitive information. This could potentially allow for an authorization bypass through a user-controlled key...
CVE-2023-2258 Improper Neutralization of Formula Elements in a CSV File in alfio-event/alf.io
Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304...