CVE-2026-35482 alf.io has an Authenticated RCE via Extension Script Sandbox Escape

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, a sandbox escape vulnerability in the alf.io extension script engine allows an authenticated administrator to execute arbitrary operating system commands on the...

OneUptime 安全漏洞

OneUptime is a comprehensive open-source solution developed by OneUptime. It is used to monitor and manage your online services. Versions of OneUptime prior to 10.0.35 contained security vulnerabilities; these vulnerabilities stemmed from an incomplete sandbox blocklist, which could lead to remot...