Lucene search
+L

6 matches found

NVD
NVD
added 2026/06/02 11:16 p.m.16 views

CVE-2026-41412

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, the alf.io extension sandbox injects a fully-functional HTTP client simpleHttpClient into every extension script's scope. The postFileAndSaveResponse method accep...

4.9CVSS0.00317EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/02 10:51 p.m.16 views

CVE-2026-41412

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, the alf.io extension sandbox injects a fully-functional HTTP client simpleHttpClient into every extension script's scope. The postFileAndSaveResponse method accep...

4.9CVSS5.9AI score0.00317EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/02 10:51 p.m.12 views

EUVD-2026-34051

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, the alf.io extension sandbox injects a fully-functional HTTP client simpleHttpClient into every extension script's scope. The postFileAndSaveResponse method accep...

4.9CVSS5.9AI score0.00317EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/02 10:50 p.m.8 views

CVE-2026-35482 alf.io has an Authenticated RCE via Extension Script Sandbox Escape

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, a sandbox escape vulnerability in the alf.io extension script engine allows an authenticated administrator to execute arbitrary operating system commands on the...

8CVSS6.1AI score0.00211EPSS
Exploits0References1
CVE
CVE
added 2026/06/02 10:50 p.m.42 views

CVE-2026-35482

CVE-2026-35482 : alf.io’s extension script engine vulnerability allows an authenticated administrator to escape the Rhino sandbox and execute arbitrary OS commands on the server. The issue stems from an unguarded injected Java object (returnClass) combined with an incomplete AST blocklist, enabli...

8CVSS6.1AI score0.00211EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/02 10:50 p.m.8 views

CVE-2026-35482

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, a sandbox escape vulnerability in the alf.io extension script engine allows an authenticated administrator to execute arbitrary operating system commands on the...

8CVSS6.1AI score0.00211EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder